Thanks for the feedback, everyone. Attached a followup with the following changes compared to the initial version:
1. Converted sslkeylogfile to a connection parameter 2. Added a mechanism to chmod the key log file to 0600 3. Added docs and tests I tested this manually. Also ran make check and make check-world locally. Please let me know if this needs any other changes. Thanks On Thu, Jan 9, 2025 at 2:36 PM Jacob Champion <jacob.champ...@enterprisedb.com> wrote: > > On Wed, Jan 8, 2025 at 5:17 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > > I think it might be safer if we only accepted it as a connection > > parameter and not via an environment variable. > > Making it a connection parameter also keeps us from colliding with any > other linked libraries' use of SSLKEYLOGFILE (I'm thinking about > libcurl at the moment, but I think maybe NSS used it too?). > > --Jacob -- Thanks and regards Abhishek Chanda
v2-0001-Add-support-for-dumping-SSL-keylog-to-a-file.patch
Description: Binary data
