libpq: Add support for dumping SSL key material to file

This adds a new connection parameter which instructs libpq to write out keymaterial clientside into a file in order to make connection debugging with Wireshark and similar tools possible. The file format used is the standardized NSS format. Author: Abhishek Chanda <abhishek.becs@gmail.com> Co-authored-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com> Discussion: https://postgr.es/m/CAKiP-K85C8uQbzXKWf5wHQPkuygGUGcufke713iHmYWOe9q2dA@mail.gmail.com
2025-07-28 23:42:10 +03:00 · 2025-04-03 13:16:43 +02:00
parent e4309f73f6
commit 2da74d8d64
9 changed files with 120 additions and 2 deletions
--- a/meson.build
+++ b/meson.build
@ -1479,6 +1479,7 @@ if sslopt in ['auto', 'openssl']
      # Function introduced in OpenSSL 1.1.1, not in LibreSSL.
      ['X509_get_signature_info'],
      ['SSL_CTX_set_num_tickets'],
+      ['SSL_CTX_set_keylog_callback'],
    ]

    are_openssl_funcs_complete = true