<div dir="ltr">Hi Hackers,<div>Please find attached test case for SSL Passphrase Support. A new configuration variable is added 'ssl_passphrase_command'. External command provided in this variable will be used to get passphrase to decrypt SSL file(s). As mentioned in last email, If passphrase is required but not provided using this configuration variable, PgPool will fail to load ( which is same behaviour as of now pgpool 4.1 ).</div><div><br></div><div>Patch Include:</div><div>1. SSL Passphrase call backs implementation</div><div>2. Test cases</div><div>3. Documentation</div><div><div><br></div><div>Let me know, any feedback/suggestions, or any scenario that I have missed?</div></div><div><br></div><div>Regards,</div><div>Umar Hayat<br>Principle Software Engineer</div><div>EnterpriseDB: <a href="https://www.enterprisedb.com">https://www.enterprisedb.com</a></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Mar 13, 2020 at 3:03 PM Umar Hayat <<a href="mailto:m.umarkiani@gmail.com">m.umarkiani@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Hackers, <div>I am implementing support of SSL passphrase feature for PgPool. If we comparing existing PostgreSQL and PgPool implementation of SSL (when passphrase is required) :</div><div>PostgreSQL:</div><div>On Server start, </div><div>a) If 'ssl_passphrase_command' defined, It will register call back for external command provide</div><div>b) otherwise it will register default, which is *prompting* user to input password</div><div>On Reload Configuration,</div><div>a) If 'ssl_passphrase_command' is defined and 'ssl_passphrase_command_supports_reload' is define, then use external command provided in 'ssl_passphrase_command'</div><div>b) otherwise suppress prompt, and fail intentionally with dummy value.</div><div><br></div><div>PgPool:</div><div>a) Register dummy implementation and fails in all cases.</div><div><br></div><div>My question is:</div><div>Should we prompt for pass phrase in any case ? or user must provide password via 'ssl_passphrase_command' only. Any suggestions?</div><div>If we should provide prompt, in which scenario ?</div><div><br></div><div>At the moment, what I implemented is, No prompt in any case.</div><div><br></div><div>Regards,</div><div>Umar Hayat</div><div>Principle Software Engineer</div><div>EnterpriseDB: <a href="https://www.enterprisedb.com" target="_blank">https://www.enterprisedb.com</a> </div><div><br></div><div><br></div><div><br></div></div>
</blockquote></div>