Hello,

It seems there's rough consensus on proceeding with a connection param and no environment variable. TBH it's not very clear to me that an envvar is a great way to drive this, even if there weren't security considerations at play, just considering the case of a multithreaded program that opens two connections ... reading that log file is going to be super fun.

In initialize_SSL(), the test for conn->sslkeylogfile is inside the #ifdef for the existence of the SSL function. I think it's better to log a message (probably just a warning) that says "this feature is not supported with this TLS library" rather than doing nothing. Silently failing to act is just painful for the user who then has to go to our source file to figure out why the setting isn't taking effect.

Thanks,

--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
"The first law of live demos is: don't try to use the system. Write a script that touches nothing, so as not to cause damage." (Jakob Nielsen)