During discussions of alternative SSL implementations, contrib/sslinfo
is usually mentioned as something that something needs to be done about.
I've looked into adapting some functionality from sslinfo into the
pg_stat_ssl view. These two facilities have a lot of overlap but seem
mostly oblivious to each other.
The attached patch series
- Adds a documentation link from sslinfo to pg_stat_ssl.
- Adds tests under src/test/ssl/ for the pg_stat_ssl view.
- Changes pg_stat_ssl.clientdn to be null if there is no client
certificate (as documented, but not implemented). (bug fix)
- Adds new fields to pg_stat_ssl: issuerdn and clientserial. These
allow uniquely identifying the client certificate. AFAICT, these are
the most interesting pieces of information provided by sslinfo but not
in pg_stat_ssl. (I don't like the underscore-free naming of these
fields, but it matches the existing "clientdn".)
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
