Re: Adding support for SSLKEYLOGFILE in the frontend

On 20/03/2025 11:39, Álvaro Herrera wrote:
> Hello,
> 
> It seems there's rough consensus on proceeding with a connection param
> and no environment variable.  TBH it's not very clear to me that an
> envvar is a great way to drive this, even if there weren't security
> considerations at play, just considering the case of a multithreaded
> program that opens two connections ... reading that log file is going to
> be super fun.

I believe the usual way to use SSLKEYLOGFILE is indeed to append all 
keys to the same file. That's how I use, at least. I'm not sure if 
openssl has some locking on it, but I've never had a problem with having 
data from different connections mixed up. The lines are not that long, 
it probably just relies on write(2) being atomic enough.

-- 
Heikki Linnakangas
Neon (https://neon.tech)