Re: ssl passphrase callback

On 12/7/19 12:16 PM, Tom Lane wrote:
> Andrew Dunstan <andrew.dunstan@2ndquadrant.com> writes:
>> Bruce was worried about what would happen if we defined both
>> ssl_passphrase_command and ssl_passphrase_callback. The submitted patch
>> let's the callback have precedence, but it might be cleaner to error out
>> with such a config. OTOH, that wouldn't be so nice on a reload, so it
>> might be better just to document the behaviour.
> I think it would be up to the extension that's using the hook to
> decide what to do if ssl_passphrase_command is set.  It would not
> be our choice, and it would certainly not fall to us to document it.
>
>> He was also worried that multiple shared libraries might try to provide
>> the hook. I think that's fairly fanciful, TBH. It comes into the
>> category of "Don't do that."
> Again, it's somebody else's problem.  We have plenty of hooks that
> are of dubious use for multiple extensions, so why should this one be
> held to a higher standard?
>
>             


Well that pretty much brings us back to the patch as submitted :-)


cheers


andrew

-- 
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services