Thanks for your work on this. I haven't been keeping up with the
discussion, but I took a quick look at the latest patch.
+ <para>
+ "Database", "Authenticated User", "System User" (only for PostgreSQL 16 or higher),
+ "Current User", "Session User", "Backend PID", "Server Address", "Server Port",
+ "Client Address", "Client Port", "Socket Directory", and "Host" columns are listed
+ by default when <literal>\conninfo+</literal> is invoked. The columns "Encryption",
+ "Protocol", "Cipher", and "Compression" are added to this output when TLS (SSL)
+ authentication is used. The same applies to GSS authentication is used, where the
+ "GSSAPI" column is also added to the <literal>\conninfo+</literal> output.
</para>
I might be alone on this, but I think this command should output the same
columns regardless of the version, whether it's using SSL, etc. and just
put NULL in any that do not apply. IMHO that would simplify the code and
help prevent confusion. Plus, I'm not aware of any existing meta-commands
that provide certain columns conditionally.
+ if (PQsslInUse(pset.db))
+ {
+ protocol = PQsslAttribute(pset.db, "protocol");
+ cipher = PQsslAttribute(pset.db, "cipher");
+ compression = PQsslAttribute(pset.db, "compression");
+ appendPQExpBuffer(&buf,
+ " ,'SSL' AS \"Encryption\",\n"
+ " '%s' AS \"Protocol\",\n"
+ " '%s' AS \"Cipher\",\n"
+ " '%s' AS \"Compression\"\n",
+ protocol ? protocol : _("unknown"),
+ cipher ? cipher : _("unknown"),
+ (compression && strcmp(compression, "off") != 0) ? _("on") : _("off"));
+ }
Could we pull some of this information from pg_stat_ssl instead of from
libpq? The reason I suggest this is because I think it would be nice if
the query that \conninfo+ uses could be copy/pasted as needed and not rely
on hard-coded values chosen by the client.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
