Re: Adding support for SSLKEYLOGFILE in the frontend

On Wed, Mar 5, 2025 at 9:21 AM Daniel Gustafsson <daniel@yesql.se> wrote:
> I managed to misunderstand skip blocks in TAP tests in the 0002, so the
> attached version fixes that.  It has been failing on Debian in CI which I have
> yet to look into.

Drive-by comment:

> +    {"sslkeylogfile", "PGSSLKEYLOGFILE",
> +        "", NULL,
> +        "SSL-Key-Log-File", "", 0, /* sizeof("") = 0 */
> +    offsetof(struct pg_conn, sslkeylogfile)},

Adding the PG prefix to the envvar name addresses my collision
concern, but I think Tom's comment upthread [1] was saying that we
should not provide any envvar at all:

> I think it might be safer if we only accepted it as a connection
> parameter and not via an environment variable.

Is the addition of the PG prefix enough to address that concern too?
(Are people already sanitizing their environments for all PG*
variables?)

Thanks,
--Jacob

[1] https://postgr.es/m/1774813.1736385450%40sss.pgh.pa.us