On Fri, Mar 16, 2018 at 12:07:59PM -0400, Peter Eisentraut wrote:
> On 3/15/18 12:13, Daniel Gustafsson wrote:
>> * In src/tools/msvc/Mkvcbuild.pm
>>
>> # if building without OpenSSL
>> if (!$solution->{options}->{openssl})
>> {
>> + $postgres->RemoveFile('src/backend/libpq/be-se
On 3/16/18 12:38, Daniel Gustafsson wrote:
>> Maybe this is a bit too cute. We could instead add another setting
>> "ssl_passphrase_command_support_reload”.
> I think thats a good idea, this feels like an easy thing to be confused about
> and get wrong (which I might have done with the above).
>
> On 16 Mar 2018, at 17:07, Peter Eisentraut
> wrote:
>
> On 3/15/18 12:13, Daniel Gustafsson wrote:
>> * The documentation for the passphrase command format states:
>>
>>"If the setting starts with -, then it will be ignored during a reload and
>>the SSL configuration will not be relo
On 3/15/18 12:13, Daniel Gustafsson wrote:
> * In src/backend/libpq/be-secure-common.c:
>
> +int
> +run_ssl_passphrase_command(const char *prompt, bool is_server_start, char
> *buf, int size)
> +{
> [..]
> + size_t len = 0;
> [..]
> + return len;
> +}
>
> run_ssl_passphrase_comm
First: thanks a lot for hacking on the SSL code, I might be biased but I really
appreciate it!
The patch no longer applies due to ff18115ae9 and f96f48113f, but the conflicts
are trivial so nothing to worry about there. Documentation exist and reads
well, the added tests pass and seem quite reaso
On 2/26/18 01:32, Daniel Gustafsson wrote:
> +replaced by a prompt string. (Write %% for a
> +literal %.) Note that the prompt string will
>
> I might be thick, but I don’t see where the %% handled?
Ah, I had broken that in my submitted patch. New patch attached.
> Also, AFAIC
> On 23 Feb 2018, at 11:14, Peter Eisentraut
> wrote:
>
> Here is a patch that adds a way to specify an external command for
> obtaining SSL passphrases. There is a new GUC setting
> ssl_passphrase_command.
+1 on going down this route.
> Right now, we rely on the OpenSSL built-in prompting m
On Fri, Feb 23, 2018 at 08:16:12AM -0500, Robert Haas wrote:
> On Thu, Feb 22, 2018 at 10:14 PM, Peter Eisentraut
> wrote:
>> Here is a patch that adds a way to specify an external command for
>> obtaining SSL passphrases. There is a new GUC setting
>> ssl_passphrase_command.
>>
>> Right now, we
On Thu, Feb 22, 2018 at 10:14 PM, Peter Eisentraut
wrote:
> Here is a patch that adds a way to specify an external command for
> obtaining SSL passphrases. There is a new GUC setting
> ssl_passphrase_command.
>
> Right now, we rely on the OpenSSL built-in prompting mechanism, which
> doesn't work
Here is a patch that adds a way to specify an external command for
obtaining SSL passphrases. There is a new GUC setting
ssl_passphrase_command.
Right now, we rely on the OpenSSL built-in prompting mechanism, which
doesn't work in some situations, including under systemd. This patch
allows a con
10 matches
Mail list logo
