-
- Downloads
Re-allow SSL passphrase prompt at server start, but not thereafter.
Leave OpenSSL's default passphrase collection callback in place during the first call of secure_initialize() in server startup. Although that doesn't work terribly well in daemon contexts, some people feel we should not break it for anyone who was successfully using it before. We still block passphrase demands during SIGHUP, meaning that you can't adjust SSL configuration on-the-fly if you used a passphrase, but this is no worse than what it was before commit de41869b. And we block passphrase demands during EXEC_BACKEND reloads; that behavior wasn't useful either, but at least now it's documented. Tweak some related log messages for more readability, and avoid issuing essentially duplicate messages about reload failure caused by a passphrase. Discussion: https://postgr.es/m/29982.1483412575@sss.pgh.pa.us
Showing
- doc/src/sgml/runtime.sgml 12 additions, 7 deletionsdoc/src/sgml/runtime.sgml
- src/backend/libpq/be-secure-openssl.c 49 additions, 35 deletionssrc/backend/libpq/be-secure-openssl.c
- src/backend/libpq/be-secure.c 5 additions, 5 deletionssrc/backend/libpq/be-secure.c
- src/backend/postmaster/postmaster.c 4 additions, 4 deletionssrc/backend/postmaster/postmaster.c
- src/include/libpq/libpq-be.h 1 addition, 1 deletionsrc/include/libpq/libpq-be.h
- src/include/libpq/libpq.h 1 addition, 1 deletionsrc/include/libpq/libpq.h
Loading
Please register or sign in to comment