| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Extended test coverage and docs for SSL passphrase commands |
| Date: | 2025-11-12 14:15:20 |
| Message-ID: | 69b84801-f844-408b-b617-73e1d797db61@eisentraut.org |
| Lists: | pgsql-hackers |

On 07.11.25 21:26, Daniel Gustafsson wrote:
> When I was writing tests for the SSL SNI patch [0] I realized that the current
> tests for ssl passphrase commands aren't fully exercising the feature, so I
> extended them to better understand how it works. Attached is an extended set
> of tests for passphrase protected keys where connection and reloads are tested
> as well as their different characteristics on Windows.
>
> The patchset also contains a small doc addition which documents the fact that
> passphrase command reloading must be on when running on Windows (EXEC_BACKEND)
> since every backend will issue an SSL configuration reload.

Your test code conflates $windows_os with EXEC_BACKEND. It should work
to enable EXEC_BACKEND on a non-Windows system and have everything work.
So I think that code needs to extract the actual EXEC_BACKEND setting
somehow, instead of using the OS identity as a proxy.

About the behavior that your documentation patch describes, I would like
to have some kind of reflection of that in the code as well. At least a
comment near default_openssl_tls_init() maybe? I haven't traced the
code through, but I would be curious about what is different in an
EXEC_BACKEND environment. For example, is the argument isServerStart
also true if it's not a server start? Or should the setting actually be
enforced directly on the GUC system?