Re: Proposal for implementing OCSP Stapling in PostgreSQL

Hi Hackers,

This is the third version patch for "Certificate status check using OCSP
Stapling" with ssl regression test cases added.

Here is how I run the ssl regression test:
    ./configure --enable-tap-tests --with-openssl
    make -j
    cd src/test/ssl
    make sslfiles
    make check PG_TEST_EXTRA=ssl

expected results:
    # +++ tap check in src/test/ssl +++
    t/001_ssltests.pl .. ok
    t/002_scram.pl ..... ok
    t/003_sslinfo.pl ... ok
    All tests successful.
    Files=3, Tests=279, 17 wallclock secs ( 0.05 usr  0.01 sys + 2.32
cusr  2.16 csys =  4.54 CPU)

    Result: PASS

Notes, before executing the SSL regression tests with the command `make
check PG_TEST_EXTRA=ssl`, it is necessary to wait for 1 minute after
running `make sslfiles`. This delay is required because the newly
generated OCSP responses for the 'expired' test cases need 1 minute to
pass the nextUpdate period. Once the stapled OCSP response files for the
tests are committed as test input, there is no need to wait, similar to
certificate files.

Any comments or feedback would be greatly appreciated!

Thank you,

David