From 2da74d8d6400975bf73fb0df97c3943ad3ed9a36 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Thu, 3 Apr 2025 13:16:43 +0200 Subject: libpq: Add support for dumping SSL key material to file This adds a new connection parameter which instructs libpq to write out keymaterial clientside into a file in order to make connection debugging with Wireshark and similar tools possible. The file format used is the standardized NSS format. Author: Abhishek Chanda Co-authored-by: Daniel Gustafsson Reviewed-by: Jacob Champion Discussion: https://postgr.es/m/CAKiP-K85C8uQbzXKWf5wHQPkuygGUGcufke713iHmYWOe9q2dA@mail.gmail.com --- doc/src/sgml/libpq.sgml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'doc/src') diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index d7051190320..5e3281ca2eb 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1918,6 +1918,30 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname + + sslkeylogfile + + + This parameter specifies the location where libpq + will log keys used in this SSL context. This is useful for debugging + PostgreSQL protocol interactions or client + connections using network inspection tools like + Wireshark. This parameter is ignored if an + SSL connection is not made, or if LibreSSL + is used (LibreSSL does not support key + logging). Keys are logged using the NSS + format. + + + Key logging will expose potentially sensitive information in the + keylog file. Keylog files should be handled with the same care as + files. + + + + + + sslpassword -- cgit v1.2.3
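Review bot: The warning paragraph at the end of the new sslkeylogfile entry does not say how libpq creates the keylog file: the mode it is created with, whether an existing file is appended to or truncated, and what happens when the path cannot be written. Since the text itself says the file exposes "potentially sensitive information", please document those points so a user can judge the exposure on a shared host without reading the source. The sentence "Keylog files should be handled with the same care as files." also reads, in this rendering, as though the object of the comparison is missing; check that it names the file type intended. In the first paragraph, "This parameter is ignored if an SSL connection is not made, or if LibreSSL is used" describes a silent no-op, so it would help to state whether libpq reports anything in that case, otherwise a user debugging with Wireshark has no indication why the file stays empty.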