> Off the cuff that doesn't seem like a bad idea, but I wonder if we should add
> them to pg_stat_ssl (or both) instead if we deem them valuable?
I think the same information should be available to pg_stat_ssl as well. pg_stat_ssl can show the client certificate
informationfor all connecting clients, having it to show not_before and not_after timestamps of every client are
importantin my opinion. The attached patch "v2-0002-pg-stat-ssl-add-notbefore-and-notafter-timestamps.patch" adds this
support
> Re the patch, it would be nice to move the logic in ssl_client_get_notafter and
> the _notbefore counterpart to a static function since they are copies of
> eachother.
Yes agreed. I have made the adjustment attached as "v2-0001-sslinfo-add-notbefore-and-notafter-timestamps.patch"
would this feature be suitable to be added to commitfest? What do you think?
thank you
Cary Huang
-------------
HighGo Software Inc. (Canada)
cary.huang@highgo.ca
www.highgo.ca
