database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-27 12:41:57 +03:00
Code Activity

Disable prompting for passphrase while (re)loading SSL config files.

Browse Source 
OpenSSL's default behavior when loading a passphrase-protected key file
is to open /dev/tty and demand the password from there.  It was kinda
sorta okay to allow that to happen at server start, but really that was
never workable in standard daemon environments.  And it was a complete
fail on Windows, where the same thing would happen at every backend launch.
Yesterday's commit de41869b6 put the final nail in the coffin by causing
that to happen at every SIGHUP; even if you've still got a terminal acting
as the server's TTY, having the postmaster freeze until you enter the
passphrase again isn't acceptable.

Hence, override the default behavior with a callback that returns an empty
string, ensuring failure.  Change the documentation to say that you can't
have a passphrase-protected server key, period.

If we can think of a production-grade way of collecting a passphrase from
somewhere, we might do that once at server startup and use this callback
to feed it to OpenSSL, but it's far from clear that anyone cares enough
to invest that much work in the feature.  The lack of complaints about
the existing fractionally-baked behavior suggests nobody's using it anyway.

Discussion: https://postgr.es/m/29982.1483412575@sss.pgh.pa.us
This commit is contained in:
Tom Lane
2017-01-03 12:33:29 -05:00
parent 3d54c16c24
commit 1e942c7474
2 changed files with 33 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
doc/src/sgml/runtime.sgml
View File

@ -2159,9 +2159,8 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
</para>
<para>
If the private key is protected with a passphrase, the
server will prompt for the passphrase and will not start until it has
been entered.
The private key cannot be protected with a passphrase, as there is no
way to supply the passphrase to the server.
</para>
<para>
@ -2315,8 +2314,8 @@ openssl req -new -text -out server.req
you enter the local host name as <quote>Common Name</>; the challenge
password can be left blank. The program will generate a key that is
passphrase protected; it will not accept a passphrase that is less
than four characters long. To remove the passphrase (as you must if
you want automatic start-up of the server), run the commands:
than four characters long. To remove the passphrase again (as you must),
next run the commands:
<programlisting>
openssl rsa -in privkey.pem -out server.key
rm privkey.pem