[pgpool-hackers: 3565] Re: Proposal: Support for SSL passphrase

Umar Hayat m.umarkiani at gmail.com
Thu Mar 26 15:33:55 JST 2020


Hi Hackers,
Please find attached a test case for SSL Passphrase Support. A new
configuration variable, 'ssl_passphrase_command', is added. The external
command provided in this variable will be used to get the passphrase to
decrypt the SSL file(s). As mentioned in the last email, if a passphrase is
required but not provided using this configuration variable, PgPool will
fail to load (which is the same behaviour as pgpool 4.1 has now).

The patch includes:
1. SSL Passphrase callbacks implementation
2. Test cases
3. Documentation

Let me know of any feedback/suggestions, or any scenario that I have missed.

Regards,
Umar Hayat
Principle Software Engineer
EnterpriseDB: https://www.enterprisedb.com



On Fri, Mar 13, 2020 at 3:03 PM Umar Hayat <m.umarkiani at gmail.com> wrote:

> Hi Hackers,
> I am implementing support for the SSL passphrase feature in PgPool. If we
> compare the existing PostgreSQL and PgPool implementations of SSL (when a
> passphrase is required):
> PostgreSQL:
> On Server start,
> a) If 'ssl_passphrase_command' is defined, it will register a callback for
> the external command provided
> b) otherwise it will register the default, which is *prompting* the user to
> input a password
> On Reload Configuration,
> a) If 'ssl_passphrase_command' is defined and
> 'ssl_passphrase_command_supports_reload' is defined, then use the external
> command provided in 'ssl_passphrase_command'
> b) otherwise suppress the prompt, and fail intentionally with a dummy value.
>
> PgPool:
> a) Registers a dummy implementation and fails in all cases.
>
> My question is:
> Should we prompt for the passphrase in any case? Or must the user provide
> the password via 'ssl_passphrase_command' only? Any suggestions?
> If we should provide a prompt, in which scenario?
>
> At the moment, what I implemented is no prompt in any case.
>
> Regards,
> Umar Hayat
> Principle Software Engineer
> EnterpriseDB: https://www.enterprisedb.com
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl_passphrase.diff
Type: application/octet-stream
Size: 16779 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20200326/7041693c/attachment-0001.obj>
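
Added example, not taken from the attached patch or from pgpool's source: a C sketch of the two callback behaviours the thread describes, one that obtains the passphrase from an external command and never prompts, and a dummy that always fails. The names passphrase_command, command_passphrase_cb and dummy_passphrase_cb are hypothetical; the functions only mirror the signature of OpenSSL's pem_password_cb (the kind of callback registered with SSL_CTX_set_default_passwd_cb), so the block builds without OpenSSL and assumes a POSIX popen().

```c
#define _POSIX_C_SOURCE 200809L /* for popen/pclose */
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for the ssl_passphrase_command setting (not a pgpool name). */
static const char *passphrase_command = NULL;

/* Same signature as OpenSSL's pem_password_cb: fill buf, return the length.
 * Returning 0 supplies no passphrase, so an encrypted key fails to load. */
int command_passphrase_cb(char *buf, int size, int rwflag, void *userdata)
{
    FILE   *fp;
    size_t  len;
    (void) rwflag; (void) userdata;
    if (size <= 0)
        return 0;
    buf[0] = '\0';
    if (passphrase_command == NULL || passphrase_command[0] == '\0')
        return 0;                       /* nothing configured: never prompt */
    fp = popen(passphrase_command, "r");
    if (fp == NULL)
        return 0;
    if (fgets(buf, size, fp) == NULL)   /* first line of stdout only */
        buf[0] = '\0';
    if (pclose(fp) != 0) {              /* non-zero exit: discard the output */
        memset(buf, 0, (size_t) size);
        return 0;
    }
    len = strcspn(buf, "\r\n");         /* strip the trailing newline */
    buf[len] = '\0';
    return (int) len;
}

/* Dummy callback: no prompt, no command, always reports failure. */
int dummy_passphrase_cb(char *buf, int size, int rwflag, void *userdata)
{
    (void) rwflag; (void) userdata;
    if (size > 0)
        buf[0] = '\0';
    return 0;
}

int main(void)
{
    char buf[256];
    passphrase_command = "echo constructed-passphrase";  /* constructed sample */
    printf("command: %d\n", command_passphrase_cb(buf, (int) sizeof buf, 0, NULL));
    printf("dummy: %d\n", dummy_passphrase_cb(buf, (int) sizeof buf, 0, NULL));
    return 0;
}
```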

