Re: [HACKERS] SSL key with passphrase
On Wed, Sep 14, 2011 at 02:40:15AM +0100, Thom Brown wrote: > On 13 September 2011 15:17, Tom Lane wrote: > > Thom Brown writes: > >> There appears to be a problem with starting Postgres if the SSL key > >> has a passphrase on it. > > > > It's documented that that's unsupported. Given the number of ways to > > start a postmaster, and the fact that many of them are noninteractive, > > I don't think it's very productive for us to worry about it. > > I've managed to get pg_ctl to accept the passphrase with the -w > option. Works fine like that. Since that works, perhaps the page > referring to SSL could mention this. I have added a documention mention as you suggested for PG 9.3 in the '-w' option section. -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + diff --git a/doc/src/sgml/ref/pg_ctl-ref.sgml b/doc/src/sgml/ref/pg_ctl-ref.sgml new file mode 100644 index 37826e9..90725d9 *** a/doc/src/sgml/ref/pg_ctl-ref.sgml --- b/doc/src/sgml/ref/pg_ctl-ref.sgml *** PostgreSQL documentation *** 383,388 --- 383,389 attempts to connect to the server. When waiting for shutdown, pg_ctl waits for the server to remove its PID file. + This option allows the entry of an SSL passphrase on startup. pg_ctl returns an exit code based on the success of the startup or shutdown. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] SSL key with passphrase
On 13 September 2011 15:17, Tom Lane wrote: > Thom Brown writes: >> There appears to be a problem with starting Postgres if the SSL key >> has a passphrase on it. > > It's documented that that's unsupported. Given the number of ways to > start a postmaster, and the fact that many of them are noninteractive, > I don't think it's very productive for us to worry about it. I've managed to get pg_ctl to accept the passphrase with the -w option. Works fine like that. Since that works, perhaps the page referring to SSL could mention this. -- Thom Brown Twitter: @darkixion IRC (freenode): dark_ixion Registered Linux user: #516935 EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] SSL key with passphrase
On 13 September 2011 15:17, Tom Lane wrote: > Thom Brown writes: >> There appears to be a problem with starting Postgres if the SSL key >> has a passphrase on it. > > It's documented that that's unsupported. Given the number of ways to > start a postmaster, and the fact that many of them are noninteractive, > I don't think it's very productive for us to worry about it. For reference, could you point me to the page which states this lack of support? All I could find was a mention that in order to start the service automatically, you would need to remove the passphrase. -- Thom Brown Twitter: @darkixion IRC (freenode): dark_ixion Registered Linux user: #516935 EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] SSL key with passphrase
Thom Brown writes: > There appears to be a problem with starting Postgres if the SSL key > has a passphrase on it. It's documented that that's unsupported. Given the number of ways to start a postmaster, and the fact that many of them are noninteractive, I don't think it's very productive for us to worry about it. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
[HACKERS] SSL key with passphrase
Hi, There appears to be a problem with starting Postgres if the SSL key has a passphrase on it. The following happens: Enter PEM pass phrase: FATAL: could not load private key file "server.key": problems getting password Starting with "postgres -D /path/to/cluster" returns: Enter PEM pass phrase: LOG: database system was shut down at 2011-09-13 13:51:51 BST LOG: database system is ready to accept connections LOG: autovacuum launcher started So the postgres binary accepts stdin, but pg_ctl doesn't. This isn't an unusual case, so could I request a fix to allow pg_ctl to take stdin rather than /dev/null? Thanks -- Thom Brown Twitter: @darkixion IRC (freenode): dark_ixion Registered Linux user: #516935 EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
