mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-09-16 09:20:25 +02:00
6acb0a628e
This adds the X509 attributes notBefore and notAfter to sslinfo as well as pg_stat_ssl to allow verifying and identifying the validity period of the current client certificate. OpenSSL has APIs for extracting notAfter and notBefore, but they are only supported in recent versions so we have to calculate the dates by hand in order to make this work for the older versions of OpenSSL that we still support. Original patch by Cary Huang with additional hacking by Jacob and myself. Author: Cary Huang <cary.huang@highgo.ca> Co-author: Jacob Champion <jacob.champion@enterprisedb.com> Co-author: Daniel Gustafsson <daniel@yesql.se> Discussion: https://postgr.es/m/182b8565486.10af1a86f158715.2387262617218380588@highgo.ca
13 lines
484 B
SQL
13 lines
484 B
SQL
/* contrib/sslinfo/sslinfo--1.2--1.3.sql */
|
|
|
|
-- complain if script is sourced in psql, rather than via CREATE EXTENSION
|
|
\echo Use "CREATE EXTENSION sslinfo" to load this file. \quit
|
|
|
|
CREATE FUNCTION ssl_client_get_notbefore() RETURNS timestamptz
|
|
AS 'MODULE_PATHNAME', 'ssl_client_get_notbefore'
|
|
LANGUAGE C STRICT PARALLEL RESTRICTED;
|
|
|
|
CREATE FUNCTION ssl_client_get_notafter() RETURNS timestamptz
|
|
AS 'MODULE_PATHNAME', 'ssl_client_get_notafter'
|
|
LANGUAGE C STRICT PARALLEL RESTRICTED;
|