| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | pg_stat_ssl additions |
| Date: | 2018-10-17 22:05:15 |
| Message-ID: | 398754d8-6bb5-c5cf-e7b8-22e5f0983caf@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
During discussions of alternative SSL implementations, contrib/sslinfo
is usually mentioned as something that something needs to be done about.
I've looked into adapting some functionality from sslinfo into the
pg_stat_ssl view. These two facilities have a lot of overlap but seem
mostly oblivious to each other.
The attached patch series
- Adds a documentation link from sslinfo to pg_stat_ssl.
- Adds tests under src/test/ssl/ for the pg_stat_ssl view.
- Changes pg_stat_ssl.clientdn to be null if there is no client
certificate (as documented, but not implemented). (bug fix)
- Adds new fields to pg_stat_ssl: issuerdn and clientserial. These
allow uniquely identifying the client certificate. AFAICT, these are
the most interesting pieces of information provided by sslinfo but not
in pg_stat_ssl. (I don't like the underscore-free naming of these
fields, but it matches the existing "clientdn".)
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-doc-Add-link-from-sslinfo-to-pg_stat_ssl.patch | text/plain | 941 bytes |
| v1-0002-Add-tests-for-pg_stat_ssl-system-view.patch | text/plain | 1.7 KB |
| v1-0003-Fix-pg_stat_ssl.clientdn.patch | text/plain | 1.7 KB |
| v1-0004-Add-more-columns-to-pg_stat_ssl.patch | text/plain | 13.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2018-10-17 22:08:33 | Re: DSM robustness failure (was Re: Peripatus/failures) |
| Previous Message | Andres Freund | 2018-10-17 21:51:06 | Re: Large writable variables |