On 07.11.25 21:26, Daniel Gustafsson wrote:
> When I was writing tests for the SSL SNI patch [0] I realized that the current
> tests for ssl passphrase commands aren't fully exercising the feature, so I
> extended them to better understand how it works. Attached is an extended set
> of tests for passphrase protected keys where connection and reloads are tested
> as well as their different characteristics on Windows.
>
> The patchset also contains a small doc addition which documents the fact that
> passphrase command reloading must be on when running on Windows (EXEC_BACKEND)
> since every backend will issue an SSL configuration reload.

Your test code conflates $windows_os with EXEC_BACKEND. It should work
to enable EXEC_BACKEND on a non-Windows system and have everything work.
So I think that code needs to extract the actual EXEC_BACKEND setting
somehow, instead of using the OS identity as a proxy.

About the behavior that your documentation patch describes, I would like
to have some kind of reflection of that in the code as well. At least a
comment near default_openssl_tls_init() maybe? I haven't traced the
code through, but I would be curious about what is different in an
EXEC_BACKEND environment. For example, is the argument isServerStart
also true if it's not a server start? Or should the setting actually be
enforced directly on the GUC system?