| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Cary Huang <cary(dot)huang(at)highgo(dot)ca> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sslinfo extension - add notbefore and notafter timestamps |
| Date: | 2023-06-28 06:26:39 |
| Message-ID: | 10E8A199-26FF-4486-B00F-D3725577FBE4@yesql.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 23 Jun 2023, at 22:10, Cary Huang <cary(dot)huang(at)highgo(dot)ca> wrote:
>> Off the cuff that doesn't seem like a bad idea, but I wonder if we should add
>> them to pg_stat_ssl (or both) instead if we deem them valuable?
>
> I think the same information should be available to pg_stat_ssl as well. pg_stat_ssl can show the client certificate information for all connecting clients, having it to show not_before and not_after timestamps of every client are important in my opinion. The attached patch "v2-0002-pg-stat-ssl-add-notbefore-and-notafter-timestamps.patch" adds this support
This needs to adjust the tests in src/test/ssl which now fails due to SELECT *
returning a row which doesn't match what the test was coded for.
>> Re the patch, it would be nice to move the logic in ssl_client_get_notafter and
>> the _notbefore counterpart to a static function since they are copies of
>> eachother.
>
> Yes agreed. I have made the adjustment attached as "v2-0001-sslinfo-add-notbefore-and-notafter-timestamps.patch"
The new patchset isn't updating contrib/sslinfo/meson with the 1.3 update so it
fails to build with Meson.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | jian he | 2023-06-28 06:26:52 | Re: Do we want a hashset type? |
| Previous Message | Laurenz Albe | 2023-06-28 06:24:45 | Re: Assistance Needed: Issue with pg_upgrade and --link option |