From 1e942c7474d7b5e4bfa04918d2f68d95902f17b3 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 3 Jan 2017 12:33:29 -0500 Subject: Disable prompting for passphrase while (re)loading SSL config files. OpenSSL's default behavior when loading a passphrase-protected key file is to open /dev/tty and demand the password from there. It was kinda sorta okay to allow that to happen at server start, but really that was never workable in standard daemon environments. And it was a complete fail on Windows, where the same thing would happen at every backend launch. Yesterday's commit de41869b6 put the final nail in the coffin by causing that to happen at every SIGHUP; even if you've still got a terminal acting as the server's TTY, having the postmaster freeze until you enter the passphrase again isn't acceptable. Hence, override the default behavior with a callback that returns an empty string, ensuring failure. Change the documentation to say that you can't have a passphrase-protected server key, period. If we can think of a production-grade way of collecting a passphrase from somewhere, we might do that once at server startup and use this callback to feed it to OpenSSL, but it's far from clear that anyone cares enough to invest that much work in the feature. The lack of complaints about the existing fractionally-baked behavior suggests nobody's using it anyway. Discussion: https://postgr.es/m/29982.1483412575@sss.pgh.pa.us --- doc/src/sgml/runtime.sgml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 65c7809332e..38f561886a1 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2159,9 +2159,8 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 - If the private key is protected with a passphrase, the - server will prompt for the passphrase and will not start until it has - been entered. + The private key cannot be protected with a passphrase, as there is no + way to supply the passphrase to the server. @@ -2315,8 +2314,8 @@ openssl req -new -text -out server.req you enter the local host name as Common Name; the challenge password can be left blank. The program will generate a key that is passphrase protected; it will not accept a passphrase that is less - than four characters long. To remove the passphrase (as you must if - you want automatic start-up of the server), run the commands: + than four characters long. To remove the passphrase again (as you must), + next run the commands: openssl rsa -in privkey.pem -out server.key rm privkey.pem -- cgit v1.2.3