> On 23 Jun 2023, at 22:10, Cary Huang <cary.huang@highgo.ca> wrote:
>> Off the cuff that doesn't seem like a bad idea, but I wonder if we should add
>> them to pg_stat_ssl (or both) instead if we deem them valuable?
>
> I think the same information should be available to pg_stat_ssl as well. pg_stat_ssl can show the client certificate
informationfor all connecting clients, having it to show not_before and not_after timestamps of every client are
importantin my opinion. The attached patch "v2-0002-pg-stat-ssl-add-notbefore-and-notafter-timestamps.patch" adds this
support
This needs to adjust the tests in src/test/ssl which now fails due to SELECT *
returning a row which doesn't match what the test was coded for.
>> Re the patch, it would be nice to move the logic in ssl_client_get_notafter and
>> the _notbefore counterpart to a static function since they are copies of
>> eachother.
>
> Yes agreed. I have made the adjustment attached as "v2-0001-sslinfo-add-notbefore-and-notafter-timestamps.patch"
The new patchset isn't updating contrib/sslinfo/meson with the 1.3 update so it
fails to build with Meson.
--
Daniel Gustafsson