Re: Extended test coverage and docs for SSL passphrase commands

On 07.11.25 21:26, Daniel Gustafsson wrote:
> When I was writing tests for the SSL SNI patch [0] I realized that the current
> tests for ssl passphrase commands aren't fully exercising the feature, so I
> extended them to better understand how it works.  Attached is an extended set
> of tests for passphrase protected keys where connection and reloads are tested
> as well as their different characteristics on Windows.
> 
> The patchset also contains a small doc addition which documents the fact that
> passphrase command reloading must be on when running on Windows (EXEC_BACKEND)
> since every backend will issue a SSL configuration reload.

Your test code conflates $windows_os with EXEC_BACKEND.  It should work 
to enable EXEC_BACKEND on a non-Windows system and have everything work. 
  So I think that code needs to extract the actual EXEC_BACKEND setting 
somehow, instead of using the OS identity as a proxy.

About the behavior that your documentation patch describes, I would like 
to have some kind of reflection of that in the code as well.  At least a 
comment near default_openssl_tls_init() maybe?  I haven't traced the 
code through, but I would be curious about what is different in an 
EXEC_BACKEND environment.  For example, is the argument isServerStart 
also true if it's not a server start?  Or should the setting actually be 
enforced directly on the GUC system?