Re: ssl passphrase callback
Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
From: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Alvaro Herrera <alvherre@2ndquadrant.com>,
Bruce Momjian <bruce@momjian.us>, Magnus Hagander <magnus@hagander.net>,
Tomas Vondra <tomas.vondra@2ndquadrant.com>,
Simon Riggs <simon@2ndquadrant.com>, Robert Haas <robertmhaas@gmail.com>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2019-12-07T21:03:27Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Provide a TLS init hook
- 896fcdb230e7 13.0 landed
On 12/7/19 12:16 PM, Tom Lane wrote: > Andrew Dunstan <andrew.dunstan@2ndquadrant.com> writes: >> Bruce was worried about what would happen if we defined both >> ssl_passphrase_command and ssl_passphrase_callback. The submitted patch >> let's the callback have precedence, but it might be cleaner to error out >> with such a config. OTOH, that wouldn't be so nice on a reload, so it >> might be better just to document the behaviour. > I think it would be up to the extension that's using the hook to > decide what to do if ssl_passphrase_command is set. It would not > be our choice, and it would certainly not fall to us to document it. > >> He was also worried that multiple shared libraries might try to provide >> the hook. I think that's fairly fanciful, TBH. It comes into the >> category of "Don't do that." > Again, it's somebody else's problem. We have plenty of hooks that > are of dubious use for multiple extensions, so why should this one be > held to a higher standard? > > Well that pretty much brings us back to the patch as submitted :-) cheers andrew -- Andrew Dunstan https://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services