Revert "Add notBefore and notAfter to SSL cert info display"

Due to an oversight in reviewing, this used functionality not
compatible with old versions of OpenSSL.

This reverts commit 75ec5e7bec.

src/backend/catalog/system_views.sql

@@ -970,9 +970,7 @@ CREATE VIEW pg_stat_ssl AS
             S.sslbits AS bits,
             S.ssl_client_dn AS client_dn,
             S.ssl_client_serial AS client_serial,
-            S.ssl_issuer_dn AS issuer_dn,
-            S.ssl_not_before AS not_before,
-            S.ssl_not_after AS not_after
+            S.ssl_issuer_dn AS issuer_dn
     FROM pg_stat_get_activity(NULL) AS S
     WHERE S.client_port IS NOT NULL;
 

src/backend/libpq/be-secure-openssl.c

@@ -36,7 +36,6 @@
 #include "tcop/tcopprot.h"
 #include "utils/builtins.h"
 #include "utils/memutils.h"
-#include "utils/timestamp.h"
 
 /*
  * These SSL-related #includes must come after all system-provided headers.
@@ -73,7 +72,6 @@ static bool initialize_ecdh(SSL_CTX *context, bool isServerStart);
 static const char *SSLerrmessage(unsigned long ecode);
 
 static char *X509_NAME_to_cstring(X509_NAME *name);
-static Timestamp ASN1_TIME_to_timestamp(ASN1_TIME *time);
 
 static SSL_CTX *SSL_context = NULL;
 static bool SSL_initialized = false;
@@ -1408,24 +1406,6 @@ be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len)
 		ptr[0] = '\0';
 }
 
-void
-be_tls_get_peer_not_before(Port *port, Timestamp *ptr)
-{
-	if (port->peer)
-		*ptr = ASN1_TIME_to_timestamp(X509_get_notBefore(port->peer));
-	else
-		*ptr = 0;
-}
-
-void
-be_tls_get_peer_not_after(Port *port, Timestamp *ptr)
-{
-	if (port->peer)
-		*ptr = ASN1_TIME_to_timestamp(X509_get_notAfter(port->peer));
-	else
-		*ptr = 0;
-}
-
 void
 be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
 {
@@ -1569,33 +1549,6 @@ X509_NAME_to_cstring(X509_NAME *name)
 	return result;
 }
 
-/*
- * Convert an ASN1_TIME to a Timestamp
- */
-static Timestamp
-ASN1_TIME_to_timestamp(ASN1_TIME * time)
-{
-	struct tm	tm_time;
-	struct pg_tm pgtm_time;
-	Timestamp	ts;
-
-	ASN1_TIME_to_tm(time, &tm_time);
-
-	pgtm_time.tm_sec = tm_time.tm_sec;
-	pgtm_time.tm_min = tm_time.tm_min;
-	pgtm_time.tm_hour = tm_time.tm_hour;
-	pgtm_time.tm_mday = tm_time.tm_mday;
-	pgtm_time.tm_mon = tm_time.tm_mon + 1;
-	pgtm_time.tm_year = tm_time.tm_year + 1900;
-
-	if (tm2timestamp(&pgtm_time, 0, NULL, &ts))
-		ereport(ERROR,
-				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-				 errmsg("timestamp out of range")));
-
-	return ts;
-}
-
 /*
  * Convert TLS protocol version GUC enum to OpenSSL values
  *

src/backend/utils/activity/backend_status.c

@@ -367,8 +367,6 @@ pgstat_bestart(void)
 		be_tls_get_peer_subject_name(MyProcPort, lsslstatus.ssl_client_dn, NAMEDATALEN);
 		be_tls_get_peer_serial(MyProcPort, lsslstatus.ssl_client_serial, NAMEDATALEN);
 		be_tls_get_peer_issuer_name(MyProcPort, lsslstatus.ssl_issuer_dn, NAMEDATALEN);
-		be_tls_get_peer_not_before(MyProcPort, &lsslstatus.ssl_not_before);
-		be_tls_get_peer_not_after(MyProcPort, &lsslstatus.ssl_not_after);
 	}
 	else
 	{

src/backend/utils/adt/pgstatfuncs.c

@@ -303,7 +303,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
 Datum
 pg_stat_get_activity(PG_FUNCTION_ARGS)
 {
-#define PG_STAT_GET_ACTIVITY_COLS	33
+#define PG_STAT_GET_ACTIVITY_COLS	31
 	int			num_backends = pgstat_fetch_stat_numbackends();
 	int			curr_backend;
 	int			pid = PG_ARGISNULL(0) ? -1 : PG_GETARG_INT32(0);
@@ -395,7 +395,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 			pfree(clipped_activity);
 
 			/* leader_pid */
-			nulls[31] = true;
+			nulls[29] = true;
 
 			proc = BackendPidGetProc(beentry->st_procpid);
 
@@ -432,8 +432,8 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 				 */
 				if (leader && leader->pid != beentry->st_procpid)
 				{
-					values[31] = Int32GetDatum(leader->pid);
-					nulls[31] = false;
+					values[29] = Int32GetDatum(leader->pid);
+					nulls[29] = false;
 				}
 				else if (beentry->st_backendType == B_BG_WORKER)
 				{
@@ -441,8 +441,8 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 
 					if (leader_pid != InvalidPid)
 					{
-						values[31] = Int32GetDatum(leader_pid);
-						nulls[31] = false;
+						values[29] = Int32GetDatum(leader_pid);
+						nulls[29] = false;
 					}
 				}
 			}
@@ -587,45 +587,35 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 					values[24] = CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);
 				else
 					nulls[24] = true;
-
-				if (beentry->st_sslstatus->ssl_not_before != 0)
-					values[25] = TimestampGetDatum(beentry->st_sslstatus->ssl_not_before);
-				else
-					nulls[25] = true;
-
-				if (beentry->st_sslstatus->ssl_not_after != 0)
-					values[26] = TimestampGetDatum(beentry->st_sslstatus->ssl_not_after);
-				else
-					nulls[26] = true;
 			}
 			else
 			{
 				values[18] = BoolGetDatum(false);	/* ssl */
-				nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = nulls[25] = nulls[26] = true;
+				nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = true;
 			}
 
 			/* GSSAPI information */
 			if (beentry->st_gss)
 			{
-				values[27] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
-				values[28] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
-				values[29] = BoolGetDatum(beentry->st_gssstatus->gss_enc);	/* GSS Encryption in use */
-				values[30] = BoolGetDatum(beentry->st_gssstatus->gss_delegation);	/* GSS credentials
+				values[25] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
+				values[26] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
+				values[27] = BoolGetDatum(beentry->st_gssstatus->gss_enc);	/* GSS Encryption in use */
+				values[28] = BoolGetDatum(beentry->st_gssstatus->gss_delegation);	/* GSS credentials
 																					 * delegated */
 			}
 			else
 			{
-				values[27] = BoolGetDatum(false);	/* gss_auth */
-				nulls[28] = true;	/* No GSS principal */
-				values[29] = BoolGetDatum(false);	/* GSS Encryption not in
+				values[25] = BoolGetDatum(false);	/* gss_auth */
+				nulls[26] = true;	/* No GSS principal */
+				values[27] = BoolGetDatum(false);	/* GSS Encryption not in
 													 * use */
-				values[30] = BoolGetDatum(false);	/* GSS credentials not
+				values[28] = BoolGetDatum(false);	/* GSS credentials not
 													 * delegated */
 			}
 			if (beentry->st_query_id == 0)
-				nulls[32] = true;
+				nulls[30] = true;
 			else
-				values[32] = UInt64GetDatum(beentry->st_query_id);
+				values[30] = UInt64GetDatum(beentry->st_query_id);
 		}
 		else
 		{
@@ -655,8 +645,6 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 			nulls[28] = true;
 			nulls[29] = true;
 			nulls[30] = true;
-			nulls[31] = true;
-			nulls[32] = true;
 		}
 
 		tuplestore_putvalues(rsinfo->setResult, rsinfo->setDesc, values, nulls);