pgsql: Re-allow SSL passphrase prompt at server start, but not thereaft

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Re-allow SSL passphrase prompt at server start, but not thereaft
Date: 2017-01-04 17:44:29
Message-ID: E1cOpbx-0003PR-Kx@gemulon.postgresql.org
Lists: pgsql-committers

Re-allow SSL passphrase prompt at server start, but not thereafter.

Leave OpenSSL's default passphrase collection callback in place during
the first call of secure_initialize() in server startup. Although that
doesn't work terribly well in daemon contexts, some people feel we should
not break it for anyone who was successfully using it before. We still
block passphrase demands during SIGHUP, meaning that you can't adjust SSL
configuration on-the-fly if you used a passphrase, but this is no worse
than what it was before commit de41869b6. And we block passphrase demands
during EXEC_BACKEND reloads; that behavior wasn't useful either, but at
least now it's documented.

Tweak some related log messages for more readability, and avoid issuing
essentially duplicate messages about reload failure caused by a passphrase.

Discussion: https://postgr.es/m/29982.1483412575@sss.pgh.pa.us

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/6667d9a6d77b9a6eac89638ac363b6d03da253c1

Modified Files
--------------
doc/src/sgml/runtime.sgml | 19 +++++---
src/backend/libpq/be-secure-openssl.c | 84 ++++++++++++++++++++---------------
src/backend/libpq/be-secure.c | 10 ++---
src/backend/postmaster/postmaster.c | 8 ++--
src/include/libpq/libpq-be.h | 2 +-
src/include/libpq/libpq.h | 2 +-
6 files changed, 72 insertions(+), 53 deletions(-)
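
An operational check that follows from the commit message above (an added example, not part of the commit or of PostgreSQL's code): because passphrase demands are blocked on SIGHUP, this script inspects a PEM private key for encryption markers before a reload is attempted. The function names `key_encryption` and `ssl_load_outcome`, the outcome labels, and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM private key and report what the server
# would do with it at startup versus on a SIGHUP reload.

# key_encryption FILE -> pkcs8-encrypted | legacy-encrypted | unencrypted | unknown
key_encryption() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    if grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo "pkcs8-encrypted"        # PKCS#8 EncryptedPrivateKeyInfo
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo "legacy-encrypted"       # traditional OpenSSL PEM encryption header
    elif grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo "unencrypted"
    else
        echo "unknown"                # e.g. DER or a non-key file
    fi
}

# ssl_load_outcome FILE PHASE   (PHASE is "start" or "reload"; labels are hypothetical)
ssl_load_outcome() {
    enc=$(key_encryption "$1")
    case "$enc:$2" in
        *-encrypted:start)  echo "prompt" ;;   # prompt still allowed at server start
        *-encrypted:reload) echo "blocked" ;;  # passphrase demand blocked on SIGHUP
        unencrypted:*)      echo "ok" ;;
        *)                  echo "check-manually" ;;
    esac
}

# Constructed sample: header lines only, not a real key.
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,CONSTRUCTED' > "$demo"
echo "start:  $(ssl_load_outcome "$demo" start)"
echo "reload: $(ssl_load_outcome "$demo" reload)"
rm -f "$demo"
```

A "blocked" result means SSL configuration changes for that key need a server restart rather than a reload.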
