[pgpool-hackers: 3570] Re: Proposal: Support for SSL passphrase

Umar Hayat m.umarkiani at gmail.com
Wed Apr 1 14:49:39 JST 2020


Hi Tatsuo,
Looking at the error in the log:

"./test.sh: line 12: ./cert.sh: No such file or directory
chmod: cannot access `*.key': No such file or directory"

I see that one test helper file (i.e. 'cert.sh') from my patch is not
committed; because of that, the SSL artefacts are not generated for the test.


On Wed, Apr 1, 2020 at 9:57 AM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:

> Hi Umar,
>
> Unfortunately the build farm is failing on the new
> 029.cert_passphrase. Can you please take a look at this?
>
> > I have committed the patches with a small modification. The regression
> > test is located in 072 in the patch, which is in the number range for
> > bug cases (050 or above). So I changed it to 029.
> >
> > Also I have added a Japanese document as usual.
> >
> > Again, thank you!
> >
> >> Thanks. I will look into this.
> >>
> >> Best regards,
> >> --
> >> Tatsuo Ishii
> >> SRA OSS, Inc. Japan
> >> English: http://www.sraoss.co.jp/index_en.php
> >> Japanese:http://www.sraoss.co.jp
> >>
> >>> Hi Hackers,
> >>> Please find attached the test case for SSL passphrase support. A new
> >>> configuration variable, 'ssl_passphrase_command', is added. The external
> >>> command provided in this variable will be used to get the passphrase to
> >>> decrypt SSL file(s). As mentioned in the last email, if a passphrase is
> >>> required but not provided using this configuration variable, PgPool will
> >>> fail to load (which is the same behaviour as pgpool 4.1 as of now).
> >>>
> >>> Patch includes:
> >>> 1. SSL passphrase callbacks implementation
> >>> 2. Test cases
> >>> 3. Documentation
> >>>
> >>> Let me know of any feedback/suggestions, or any scenario that I have
> >>> missed.
> >>>
> >>> Regards,
> >>> Umar Hayat
> >>> Principal Software Engineer
> >>> EnterpriseDB: https://www.enterprisedb.com
> >>>
> >>>
> >>>
> >>> On Fri, Mar 13, 2020 at 3:03 PM Umar Hayat <m.umarkiani at gmail.com> wrote:
> >>>
> >>>> Hi Hackers,
> >>>> I am implementing support for the SSL passphrase feature in PgPool. If we
> >>>> compare the existing PostgreSQL and PgPool implementations of SSL (when a
> >>>> passphrase is required):
> >>>> PostgreSQL:
> >>>> On server start,
> >>>> a) If 'ssl_passphrase_command' is defined, it will register a callback for
> >>>> the external command provided
> >>>> b) otherwise it will register the default, which is *prompting* the user to
> >>>> input a password
> >>>> On reload configuration,
> >>>> a) If 'ssl_passphrase_command' is defined and
> >>>> 'ssl_passphrase_command_supports_reload' is defined, then use the external
> >>>> command provided in 'ssl_passphrase_command'
> >>>> b) otherwise suppress the prompt, and fail intentionally with a dummy value.
> >>>>
> >>>> PgPool:
> >>>> a) Registers a dummy implementation and fails in all cases.
> >>>>
> >>>> My question is:
> >>>> Should we prompt for the passphrase in any case? Or must the user provide
> >>>> the password via 'ssl_passphrase_command' only? Any suggestions?
> >>>> If we should provide a prompt, in which scenario?
> >>>>
> >>>> At the moment, what I have implemented is: no prompt in any case.
> >>>>
> >>>> Regards,
> >>>> Umar Hayat
> >>>> Principal Software Engineer
> >>>> EnterpriseDB: https://www.enterprisedb.com
> >>>>
> >>>>
> >>>>
> >>>>
> >> _______________________________________________
> >> pgpool-hackers mailing list
> >> pgpool-hackers at pgpool.net
> >> http://www.pgpool.net/mailman/listinfo/pgpool-hackers
>
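
The "no prompt in any case" behaviour discussed in the quoted proposal, as an added C example that is not part of this thread or of the pgpool patch: a passphrase callback that runs the configured external command, and a dummy callback that makes key loading fail when no command is set. The function names are hypothetical; in a real server such a callback would be registered with OpenSSL's `SSL_CTX_set_default_passwd_cb()`, with the command string passed through `SSL_CTX_set_default_passwd_cb_userdata()`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* popen, pclose */
#endif
#include <stdio.h>
#include <string.h>

/* Added example with hypothetical names; not pgpool or PostgreSQL source.
 * Callbacks have the shape of OpenSSL's pem_password_cb and return the
 * passphrase length; 0 means none is available, so key loading fails. */
typedef int (*passwd_cb)(char *buf, int size, int rwflag, void *userdata);

/* Never prompts: hands back an empty passphrase. */
int dummy_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
    (void) rwflag; (void) userdata;
    if (size > 0)
        buf[0] = '\0';
    return 0;
}

/* Runs the configured command (userdata) and takes its first output line. */
int external_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
    const char *cmd = userdata;
    FILE *fp;
    int ok, status;
    size_t len;

    if (size < 2 || cmd == NULL || (fp = popen(cmd, "r")) == NULL)
        return dummy_passwd_cb(buf, size, rwflag, userdata);
    ok = fgets(buf, size, fp) != NULL;
    status = pclose(fp);
    if (!ok || status != 0) {       /* no output or failed command */
        memset(buf, 0, (size_t) size);
        return 0;
    }
    len = strcspn(buf, "\r\n");     /* strip the trailing newline */
    buf[len] = '\0';
    return (int) len;
}

/* Selection as the proposal states it: command set -> external, else fail. */
passwd_cb choose_passwd_cb(const char *ssl_passphrase_command)
{
    if (ssl_passphrase_command != NULL && ssl_passphrase_command[0] != '\0')
        return external_passwd_cb;
    return dummy_passwd_cb;
}
```

A command that exits non-zero is treated as a failure even if it printed something, and the buffer is cleared so a partial value is never handed to the key loader.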