Announcement: libpkixpq 0.1 released - Mailing list pgsql-hackers
From | Bear Giles |
---|---|
Subject | Announcement: libpkixpq 0.1 released |
Msg-id | 200112240246.TAA05536@eris.coyotesong.com |
Responses | Re: Announcement: libpkixpq 0.1 released |
List | pgsql-hackers |

I am pleased to announce the initial release of "libpkixpq", PostgreSQL user-defined types and functions that allow the database to understand the basic PKIX types.

This release should be considered EXPERIMENTAL. This is literally the first public release and the lack of known bugs undoubtedly speaks to my own poor testing skills, not to the quality of the code.

The intention of this package is to enable the database to extract (and check) fields from PKIX objects, not to create new ones or manipulate existing ones. The latter functions would best be supported via a second set of user-defined functions.

One practical use of these types is to create "friendly" views of PKIX fields:

    create table x (x x509);

    create view v as select
        x509_serial(x) as serial,
        x509_subject(x) as subject,
        x509_issuer(x) as issuer,
        x509_notBefore(x) as notBefore,
        x509_notAfter(x) as notAfter
    from x;

A second practical use is supporting integrity checks on the data:

    create table cachedx (
        x x509,
        subject varchar(80)
            constraint c1 check (subject = x509_subject(x))
    );

This is not yet fully supported since there is no test for equality of "x509_name" objects. You can compare individual components.

These new types are defined:

Certificates and bags:

    x509
    pkcs7
    pkcs8
    pkcs12

Other PKIX information:

    x509_req
    x509_crl
    pubkey
    rsapubkey
    dsapubkey
    dsaparams
    dhparams

Miscellaneous:

    x509_name
    asn1_integer (probably renamed in future)

A large number of accessor functions are also defined, see the "test" directory for a list of these files and demonstrations of their use.

Source:

1) Source is available at http://www.dimensional.com/~bgiles/

2) Source is released under a new-style BSD license.

3) Source can be built with either standard autoconf techniques, or as a Debian package.

4) Ideally, the source will eventually be distributed as contributed code with either the PostgreSQL or OpenSSL projects.

Requirements:

1) OpenSSL 0.9.6b was used during development, but (slightly) older versions shouldn't be a problem.

2) PostgreSQL 7.1.3, primarily because all new types are "TOASTable" to allow the contents to be moved out of the main table when necessary.

Known bugs:

1) Many internal functions still guess at how much memory will be required to hold results, and silently truncate the output to 4k. This has not been a problem during testing, but it's an unnecessary restriction.

2) There is essentially no documentation yet.

3) Certificate times are parsed to the minute, not to the second, and are presented as "abstime", not "datetime."

Future enhancements:

1) Make it possible to compare x509_name and asn1_integer objects directly.

2) Add all arithmetic functions for asn1_integer.

Export stuff:

1) A copy of this notice has been sent to crypt@bxa.doc.gov.

--
Bear Giles
bgiles (at) coyotesong (dot) com
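
Known bug 3 in the message above concerns the precision of certificate times. The following is an added example, not part of the original message or of libpkixpq: it decodes a DER-encoded UTCTime or GeneralizedTime to the second under the RFC 5280 certificate profile and shows how dropping the seconds changes a notBefore check. The function names and the sample bytes are constructed for illustration.

```python
from datetime import datetime, timezone

UTCTIME, GENERALIZEDTIME = 0x17, 0x18  # ASN.1 universal tag octets

def parse_der_time(tlv: bytes) -> datetime:
    """Decode one DER Time TLV to an aware UTC datetime, keeping seconds.

    Accepts only the RFC 5280 certificate profile: YYMMDDHHMMSSZ for
    UTCTime and YYYYMMDDHHMMSSZ for GeneralizedTime.
    """
    if len(tlv) < 2 or tlv[1] & 0x80 or len(tlv) != 2 + tlv[1]:
        raise ValueError("malformed or truncated Time TLV")
    year_digits = {UTCTIME: 2, GENERALIZEDTIME: 4}.get(tlv[0])
    if year_digits is None:
        raise ValueError(f"not a Time tag: 0x{tlv[0]:02x}")
    text = tlv[2:].decode("ascii", errors="replace")
    digits = text[:-1]
    if len(text) != year_digits + 11 or text[-1] != "Z" or not digits.isdigit():
        raise ValueError(f"Time value outside the profile: {text!r}")
    year = int(digits[:year_digits])
    if tlv[0] == UTCTIME:
        year += 1900 if year >= 50 else 2000  # two-digit year pivot
    month, day, hour, minute, second = (
        int(digits[i:i + 2]) for i in range(year_digits, year_digits + 10, 2))
    # datetime() rejects out-of-range fields (month 13, hour 24, ...)
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)

def started(not_before_tlv: bytes, when: datetime):
    """Return (exact, minute_truncated) answers to 'has validity begun?'."""
    not_before = parse_der_time(not_before_tlv)
    return when >= not_before, when >= not_before.replace(second=0)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate.
    nb = b"\x17\x0d" + b"011224024630Z"
    na = b"\x18\x0f" + b"20501224024630Z"
    print(parse_der_time(nb), parse_der_time(na))
    # 20 seconds before notBefore: exact check says no, truncated says yes.
    print(started(nb, datetime(2001, 12, 24, 2, 46, 10, tzinfo=timezone.utc)))
```

Truncating to the minute makes a certificate appear valid up to 59 seconds before its notBefore, while the same truncation applied to notAfter ends validity early.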