Re: Adding support for SSLKEYLOGFILE in the frontend
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>, Abhishek Chanda <abhishek.becs@gmail.com>, Álvaro Herrera <alvherre@alvh.no-ip.org>
Date: 2025-04-09T18:45:06Z
Lists: pgsql-hackers
> On 9 Apr 2025, at 20:41, Jacob Champion <jacob.champion@enterprisedb.com> wrote: > > Hello, > > On Thu, Apr 3, 2025 at 8:51 AM Daniel Gustafsson <daniel@yesql.se> wrote: >> Committed, after another round of testing and looking. > > I think we may want to consider marking sslkeylogfile as a debug > option (that is, opt->dispchar = "D") in fe-connect.c. Besides being a > true "debug option", this would also prevent a relatively unprivileged > user of postgres_fdw or dblink from logging the backend connection's > keys. WDYT? I think that sounds like a good idea, unless anyone thinks otherwise I'll go ahead and make it so. -- Daniel Gustafsson
Commits
-
Fix sslkeylogfile error handling logging
- a6c0bf93031d 19 (unreleased) landed
- 39f01083facd 18.0 landed
-
Mark sslkeylogfile as Debug option
- 2970c75dd982 18.0 landed
-
libpq: Add support for dumping SSL key material to file
- 2da74d8d6400 18.0 landed