Re: Internal key management system
| From | Bruce Momjian |
|---|---|
| Subject | Re: Internal key management system |
| Date | |
| Msg-id | 20201028191219.GB3239@momjian.us |
| In response to | Re: Internal key management system (Bruce Momjian <bruce@momjian.us>) |
| List | pgsql-hackers |

On Wed, Oct 28, 2020 at 02:29:16PM -0400, Bruce Momjian wrote:
> On Wed, Oct 28, 2020 at 12:02:46PM +0800, Craig Ringer wrote:
> > Yes, that's possible. But in that case the passphrase will be asked for by
> > openssl only when required, and we'll need to supply an openssl askpass hook.
>
> What we _will_ need is access to a /dev/tty file descriptor, and this
> patch does that, though it closes it as soon as the internal keys are
> unlocked so the terminal can be disconnected from the database
> processes.

FYI, the file descriptor facility will eventually allow for SSL
certificate unlocking passwords to be prompted from the terminal,
instead of requiring the use of ssl_passphrase_command, but let's get
the facility fully completed first.

--
  Bruce Momjian <bruce@momjian.us> https://momjian.us
  EnterpriseDB https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee