mirror of
https://github.com/postgres/postgres.git
synced 2025-07-28 23:42:10 +03:00
Add notBefore and notAfter to SSL cert info display
This adds the X509 attributes notBefore and notAfter to sslinfo as well as pg_stat_ssl to allow verifying and identifying the validity period of the current client certificate. OpenSSL has APIs for extracting notAfter and notBefore, but they are only supported in recent versions so we have to calculate the dates by hand in order to make this work for the older versions of OpenSSL that we still support. Original patch by Cary Huang with additional hacking by Jacob and myself. Author: Cary Huang <cary.huang@highgo.ca> Co-author: Jacob Champion <jacob.champion@enterprisedb.com> Co-author: Daniel Gustafsson <daniel@yesql.se> Discussion: https://postgr.es/m/182b8565486.10af1a86f158715.2387262617218380588@highgo.ca
This commit is contained in:
@ -2292,6 +2292,26 @@ description | Waiting for a newly initialized WAL file to reach durable storage
|
||||
This field is truncated like <structfield>client_dn</structfield>.
|
||||
</para></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry role="catalog_table_entry"><para role="column_definition">
|
||||
<structfield>not_before</structfield> <type>text</type>
|
||||
</para>
|
||||
<para>
|
||||
Not before timestamp of the client certificate, or NULL if no client
|
||||
certificate was supplied.
|
||||
</para></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry role="catalog_table_entry"><para role="column_definition">
|
||||
<structfield>not_after</structfield> <type>text</type>
|
||||
</para>
|
||||
<para>
|
||||
Not after timestamp of the client certificate, or NULL if no client
|
||||
certificate was supplied.
|
||||
</para></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
@ -240,6 +240,36 @@ emailAddress
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<function>ssl_client_get_notbefore() returns timestamptz</function>
|
||||
<indexterm>
|
||||
<primary>ssl_client_get_notbefore</primary>
|
||||
</indexterm>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Return the <structfield>not before</structfield> timestamp of the client
|
||||
certificate.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<function>ssl_client_get_notafter() returns timestamptz</function>
|
||||
<indexterm>
|
||||
<primary>ssl_client_get_notafter</primary>
|
||||
</indexterm>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Return the <structfield>not after</structfield> timestamp of the client
|
||||
certificate.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</sect2>
|
||||
|
||||
|
Reference in New Issue
Block a user