[pgpool-hackers: 3571] Re: Proposal: Support for SSL passphrase

Tatsuo Ishii ishii at sraoss.co.jp
Wed Apr 1 14:55:28 JST 2020


Oops. That's surely my fault. I have pushed cert.sh. Thanks!

> Hi Tatsuo,
> Looking at the error in log:
> "
> ./test.sh: line 12: ./cert.sh: No such file or directory
> chmod: cannot access `*.key': No such file or directory
> "
> I see one test helper file ( i.e. 'cert.sh' ) is not committed from my
> patch, because of that ssl artefacts are not generated for test.
> 
> 
> On Wed, Apr 1, 2020 at 9:57 AM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
> 
>> Hi Umar,
>>
>> Unfortunately the build farm is failing on the new
>> 029.cert_passphrase. Can you please take a look at this?
>>
>> > I have committed the patches with small modification. The regression
>> > test is located in 072 in the patch, which is in the number range for
>> > bug cases (050 or above). So I changed it to 029.
>> >
>> > Also I have added a Japanese document as usual.
>> >
>> > Again, thank you!
>> >
>> >> Thanks. I will look into this.
>> >>
>> >> Best regards,
>> >> --
>> >> Tatsuo Ishii
>> >> SRA OSS, Inc. Japan
>> >> English: http://www.sraoss.co.jp/index_en.php
>> >> Japanese:http://www.sraoss.co.jp
>> >>
>> >>> Hi Hackers,
>> >>> Please find attached test case for SSL Passphrase Support. A new
>> >>> configuration variable, 'ssl_passphrase_command', is added. The external
>> >>> command provided in this variable will be used to get the passphrase to
>> >>> decrypt SSL file(s). As mentioned in the last email, if a passphrase is
>> >>> required but not provided using this configuration variable, PgPool will
>> >>> fail to load (which is the same behaviour as pgpool 4.1 has as of now).
>> >>>
>> >>> Patch Include:
>> >>> 1. SSL Passphrase callbacks implementation
>> >>> 2. Test cases
>> >>> 3. Documentation
>> >>>
>> >>> Let me know, any feedback/suggestions, or any scenario that I have
>> >>> missed?
>> >>>
>> >>> Regards,
>> >>> Umar Hayat
>> >>> Principal Software Engineer
>> >>> EnterpriseDB: https://www.enterprisedb.com
>> >>>
>> >>>
>> >>>
>> >>> On Fri, Mar 13, 2020 at 3:03 PM Umar Hayat <m.umarkiani at gmail.com> wrote:
>> >>>
>> >>>> Hi Hackers,
>> >>>> I am implementing support for the SSL passphrase feature in PgPool. If we
>> >>>> compare the existing PostgreSQL and PgPool implementations of SSL (when a
>> >>>> passphrase is required):
>> >>>> PostgreSQL:
>> >>>> On Server start,
>> >>>> a) If 'ssl_passphrase_command' is defined, it will register a callback for
>> >>>> the external command provided
>> >>>> b) otherwise it will register the default, which is *prompting* the user
>> >>>> to input the password
>> >>>> On Reload Configuration,
>> >>>> a) If 'ssl_passphrase_command' is defined and
>> >>>> 'ssl_passphrase_command_supports_reload' is defined, then use the external
>> >>>> command provided in 'ssl_passphrase_command'
>> >>>> b) otherwise suppress the prompt, and fail intentionally with a dummy value.
>> >>>>
>> >>>> PgPool:
>> >>>> a) Registers a dummy implementation and fails in all cases.
>> >>>>
>> >>>> My question is:
>> >>>> Should we prompt for the passphrase in any case? Or must the user provide
>> >>>> the password via 'ssl_passphrase_command' only? Any suggestions?
>> >>>> If we should provide a prompt, in which scenario?
>> >>>>
>> >>>> At the moment, what I implemented is no prompt in any case.
>> >>>>
>> >>>> Regards,
>> >>>> Umar Hayat
>> >>>> Principal Software Engineer
>> >>>> EnterpriseDB: https://www.enterprisedb.com
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >> _______________________________________________
>> >> pgpool-hackers mailing list
>> >> pgpool-hackers at pgpool.net
>> >> http://www.pgpool.net/mailman/listinfo/pgpool-hackers
>>
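
The behaviour discussed in the thread (fetch the passphrase from an external command, never prompt, fail with a dummy value otherwise) can be sketched as two callbacks with the signature OpenSSL expects for `SSL_CTX_set_default_passwd_cb`. This is an added example, not code from the pgpool patch; the function names, the `passphrase_command` variable and the sample command are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* for popen/pclose */
#endif
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the configured ssl_passphrase_command value
 * (constructed sample command, prints a constructed secret). */
static const char *passphrase_command = "printf 'constructed-secret\\n'";

/*
 * Same signature as OpenSSL's pem_password_cb. Runs the external command and
 * copies its first output line into buf. Returns the passphrase length, or 0
 * on any failure so that key loading fails instead of prompting.
 */
int run_passphrase_command_cb(char *buf, int size, int rwflag, void *userdata)
{
    const char *cmd = userdata ? (const char *) userdata : passphrase_command;
    FILE *fp;
    size_t len;
    int ok;

    (void) rwflag;
    if (buf == NULL || size < 2 || (fp = popen(cmd, "r")) == NULL)
        return 0;
    ok = fgets(buf, size, fp) != NULL;
    len = ok ? strlen(buf) : 0;
    /* Full buffer, no newline, more data pending: output was truncated. */
    if (ok && len == (size_t) size - 1 && buf[len - 1] != '\n' && fgetc(fp) != EOF)
        ok = 0;
    if (pclose(fp) != 0)                 /* non-zero exit: do not trust output */
        ok = 0;
    if (ok && len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';               /* strip the trailing newline */
    if (!ok || len == 0)
    {
        memset(buf, 0, (size_t) size);   /* leave no partial secret behind */
        return 0;
    }
    return (int) len;
}

/* Dummy callback for the case with no command configured: never prompts. */
int dummy_passphrase_cb(char *buf, int size, int rwflag, void *userdata)
{
    (void) rwflag; (void) userdata;
    if (buf != NULL && size > 0)
        buf[0] = '\0';
    return 0;
}
```
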

