On 20/03/2025 11:39, Álvaro Herrera wrote:
> Hello,
>
> It seems there's rough consensus on proceeding with a connection param
> and no environment variable. TBH it's not very clear to me that an
> envvar is a great way to drive this, even if there weren't security
> considerations at play, just considering the case of a multithreaded
> program that opens two connections ... reading that log file is going to
> be super fun.

I believe the usual way to use SSLKEYLOGFILE is indeed to append all
keys to the same file. That's how I use it, at least. I'm not sure if
openssl has some locking on it, but I've never had a problem with having
data from different connections mixed up. The lines are not that long,
it probably just relies on write(2) being atomic enough.
--
Heikki Linnakangas
Neon (https://neon.tech)
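
Added example, not part of either message above: a reader for a shared key log file that several connections append to. It assumes the NSS key log line format (`LABEL client_random secret`, hex encoded); the function name, the sample lines and the truncated line are constructed for illustration.

```python
import re
from collections import defaultdict

# NSS key log line: <LABEL> <client_random: 32 bytes hex> <secret: hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")


def demux_keylog(text):
    """Group key log lines by client random.

    Returns (connections, malformed): connections maps client_random ->
    {label: secret}; malformed lists the 1-based numbers of lines that do
    not parse, e.g. a line cut short by an interrupted write.
    """
    connections = defaultdict(dict)
    malformed = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no key material
        m = LINE_RE.match(line)
        if m is None:
            malformed.append(lineno)
            continue
        label, client_random, secret = m.groups()
        connections[client_random.lower()][label] = secret.lower()
    return dict(connections), malformed


# Constructed sample: two connections (A and B) appending to one file, with
# their lines interleaved and one truncated line. Not real key material.
A, B = "aa" * 32, "bb" * 32
SAMPLE = "\n".join([
    "# constructed sample",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {A} {'01' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {B} {'02' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {B} {'03' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {A} {'04' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {B[:20]}",  # truncated line
    f"CLIENT_TRAFFIC_SECRET_0 {A} {'05' * 32}",
])

if __name__ == "__main__":
    conns, bad = demux_keylog(SAMPLE)
    for cr, secrets in conns.items():
        print(cr[:8], sorted(secrets))
    print("malformed lines:", bad)
```

Because every line names the connection it belongs to, the order in which different connections' lines land in the file does not matter to a consumer; only a line that is itself damaged is lost.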