| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Cary Huang <cary(dot)huang(at)highgo(dot)ca> |
| Cc: | Pgsql Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sslinfo extension - add notbefore and notafter timestamps |
| Date: | 2022-08-20 11:02:01 |
| Message-ID: | 42389B9C-D0AF-43B0-9554-EE38CE4505B2@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 20 Aug 2022, at 01:00, Cary Huang <cary(dot)huang(at)highgo(dot)ca> wrote:
> I noticed that sslinfo extension does not have functions to return current client certificate's notbefore and notafter timestamps which are also quite important attributes in a X509 certificate. The attached patch adds 2 functions to get notbefore and notafter timestamps from the currently connected client certificate.
Off the cuff that doesn't seem like a bad idea, but I wonder if we should add
them to pg_stat_ssl (or both) instead if we deem them valuable?
Re the patch, it would be nice to move the logic in ssl_client_get_notafter and
the _notbefore counterpart to a static function since they are copies of
eachother.
--
Daniel Gustafsson https://vmware.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Önder Kalacı | 2022-08-20 11:02:03 | Re: [PATCH] Use indexes on the subscriber when REPLICA IDENTITY is full on the publisher |
| Previous Message | Zhihong Yu | 2022-08-20 09:52:29 | Re: including pid's for `There are XX other sessions using the database` |