Thread: Contrib module to examine client certificate
Following patch provides new contrib module pgsslinfo, which contains several server-side functions, which allow to examine information about SSL client certificate, used to connect to the server. This information can be used for example, for logging user access. Textual information from certificate distninguished name is converted into current database charset, which allow non-latin characters in the names to be readable. Module was developed using latest stable version of OpenSSL (0.9.8b). Probably, it should work with previous stable version of OpenSSL (0.9.7something) which is still widely used, or even with outdated version 0.9.6, but I haven't tested it. Module requires access to PostgreSQL variable MyProcPort, which is not declared DLLIMPORT in the appropriate header file (miscadmin.h). So, this patch includes one-line patch to this header file, to allow module compile and work under win32.
Attachment
This seems like a nice /contrib module.
Your patch has been added to the PostgreSQL unapplied patches list at:
http://momjian.postgresql.org/cgi-bin/pgpatches
It will be applied as soon as one of the PostgreSQL committers reviews
and approves it.
---------------------------------------------------------------------------
Victor B. Wagner wrote:
> Following patch provides new contrib module pgsslinfo, which contains
> several server-side functions, which allow to examine information about
> SSL client certificate, used to connect to the server.
>
> This information can be used for example, for logging user access.
>
> Textual information from certificate distninguished name is converted
> into current database charset, which allow non-latin characters in the
> names to be readable.
>
> Module was developed using latest stable version of OpenSSL (0.9.8b).
> Probably, it should work with previous stable version of OpenSSL
> (0.9.7something) which is still widely used, or even with outdated
> version 0.9.6, but I haven't tested it.
>
> Module requires access to PostgreSQL variable MyProcPort, which is not
> declared DLLIMPORT in the appropriate header file (miscadmin.h).
> So, this patch includes one-line patch to this header file, to allow
> module compile and work under win32.
>
>
[ Attachment, skipping... ]
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
I assume this is something we want in /contrib, right? --------------------------------------------------------------------------- Victor B. Wagner wrote: > Following patch provides new contrib module pgsslinfo, which contains > several server-side functions, which allow to examine information about > SSL client certificate, used to connect to the server. > > This information can be used for example, for logging user access. > > Textual information from certificate distninguished name is converted > into current database charset, which allow non-latin characters in the > names to be readable. > > Module was developed using latest stable version of OpenSSL (0.9.8b). > Probably, it should work with previous stable version of OpenSSL > (0.9.7something) which is still widely used, or even with outdated > version 0.9.6, but I haven't tested it. > > Module requires access to PostgreSQL variable MyProcPort, which is not > declared DLLIMPORT in the appropriate header file (miscadmin.h). > So, this patch includes one-line patch to this header file, to allow > module compile and work under win32. > > [ Attachment, skipping... ] > > ---------------------------(end of broadcast)--------------------------- > TIP 3: Have you checked our extensive FAQ? > > http://www.postgresql.org/docs/faq -- Bruce Momjian bruce@momjian.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
Bruce Momjian <bruce@momjian.us> writes:
> I assume this is something we want in /contrib, right?
Peter posted an updated version, I believe.
regards, tom lane
Tom Lane wrote: > Bruce Momjian <bruce@momjian.us> writes: > > I assume this is something we want in /contrib, right? > > Peter posted an updated version, I believe. Ah, it was lower in my mailbox. Thanks. -- Bruce Momjian bruce@momjian.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +