Home > mailing lists

Re: sslinfo extension - add notbefore and notafter timestamps - Mailing list pgsql-hackers

From	Daniel Gustafsson
Subject	Re: sslinfo extension - add notbefore and notafter timestamps
Date	August 20, 2022 14:02:01
Msg-id	42389B9C-D0AF-43B0-9554-EE38CE4505B2@yesql.se Whole thread Raw
In response to	sslinfo extension - add notbefore and notafter timestamps (Cary Huang <cary.huang@highgo.ca>)
Responses	Re: sslinfo extension - add notbefore and notafter timestamps
List	pgsql-hackers

Tree view

> On 20 Aug 2022, at 01:00, Cary Huang <cary.huang@highgo.ca> wrote:

> I noticed that sslinfo extension does not have functions to return current client certificate's notbefore and
notaftertimestamps which are also quite important attributes in a X509 certificate. The attached patch adds 2 functions
toget notbefore and notafter timestamps from the currently connected client certificate. 

Off the cuff that doesn't seem like a bad idea, but I wonder if we should add
them to pg_stat_ssl (or both) instead if we deem them valuable?

Re the patch, it would be nice to move the logic in ssl_client_get_notafter and
the _notbefore counterpart to a static function since they are copies of
eachother.

--
Daniel Gustafsson        https://vmware.com/

pgsql-hackers by date:

From: Zhihong Yu
Date: 20 August 2022, 12:52:29
Subject: Re: including pid's for `There are XX other sessions using the database`

From: Önder Kalacı
Date: 20 August 2022, 14:02:03
Subject: Re: [PATCH] Use indexes on the subscriber when REPLICA IDENTITY is full on the publisher

Re: sslinfo extension - add notbefore and notafter timestamps - Mailing list pgsql-hackers

Previous

Next