On Wed, Oct 28, 2020 at 02:29:16PM -0400, Bruce Momjian wrote:
> On Wed, Oct 28, 2020 at 12:02:46PM +0800, Craig Ringer wrote:
> > Yes, that's possible. But in that case the passphrase will be asked for by
> > openssl only when required, and we'll need to supply an openssl askpass
> > hook.
>
> What we _will_ need is access to a /dev/tty file descriptor, and this
> patch does that, though it closes it as soon as the internal keys are
> unlocked so the terminal can be disconnected from the database
> processes.

FYI, the file descriptor facility will eventually allow for SSL
certificate unlocking passwords to be prompted from the terminal,
instead of requiring the use of ssl_passphrase_command, but let's get
the facility fully completed first.

--
  Bruce Momjian  <br...@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee