NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit29a0ccb

committed

Revert "Add notBefore and notAfter to SSL cert info display"

Due to an oversight in reviewing, this used functionality notcompatible with old versions of OpenSSL.This reverts commit75ec5e7.

1 parent75ec5e7 commit29a0ccbCopy full SHA for 29a0ccb

File tree

18 files changed

+33

-246

lines changed

contrib/sslinfo
doc/src/sgml
- monitoring.sgml
- sslinfo.sgml
src
- backend
  - catalog
    - system_views.sql
  - libpq
    - be-secure-openssl.c
  - utils
    - activity
      - backend_status.c
    - adt
      - pgstatfuncs.c
- include
  - catalog
    - catversion.h
    - pg_proc.dat
  - libpq
    - libpq-be.h
  - utils
    - backend_status.h
- test
  - regress/expected
    - rules.out
  - ssl/t
    - 001_ssltests.pl
    - 003_sslinfo.pl

18 files changed

+33

-246

lines changed

`‎contrib/sslinfo/Makefile`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ OBJS = \`
`6`	`6`	`sslinfo.o`
`7`	`7`
`8`	`8`	`EXTENSION = sslinfo`
`9`		`-DATA = sslinfo--1.2--1.3.sql sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql`
	`9`	`+DATA = sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql`
`10`	`10`	`PGFILEDESC = "sslinfo - information about client SSL certificate"`
`11`	`11`
`12`	`12`	`ifdefUSE_PGXS`

`‎contrib/sslinfo/meson.build`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,6 @@ install_data(`
`26`	`26`	`'sslinfo--1.0--1.1.sql',`
`27`	`27`	`'sslinfo--1.1--1.2.sql',`
`28`	`28`	`'sslinfo--1.2.sql',`
`29`		`-'sslinfo--1.2--1.3.sql',`
`30`	`29`	`'sslinfo.control',`
`31`	`30`	`kwargs: contrib_data_args,`
`32`	`31`	`)`

`‎contrib/sslinfo/sslinfo--1.2--1.3.sql`

Lines changed: 0 additions & 12 deletions

This file was deleted.

`‎contrib/sslinfo/sslinfo.c`

Lines changed: 0 additions & 67 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,6 @@`
`18`	`18`	`#include"libpq/libpq-be.h"`
`19`	`19`	`#include"miscadmin.h"`
`20`	`20`	`#include"utils/builtins.h"`
`21`		`-#include"utils/timestamp.h"`
`22`	`21`
`23`	`22`	`/*`
`24`	`23`	`* On Windows, <wincrypt.h> includes a #define for X509_NAME, which breaks our`
`@@ -35,7 +34,6 @@ PG_MODULE_MAGIC;`
`35`	`34`
`36`	`35`	`staticDatumX509_NAME_field_to_text(X509_NAMEname,textfieldName);`
`37`	`36`	`staticDatumASN1_STRING_to_text(ASN1_STRING*str);`
`38`		`-staticDatumASN1_TIME_to_timestamp(ASN1_TIME*time);`
`39`	`37`
`40`	`38`	`/*`
`41`	`39`	`* Function context for data persisting over repeated calls.`
`@@ -227,39 +225,6 @@ X509_NAME_field_to_text(X509_NAME name, text fieldName)`
`227`	`225`	`}`
`228`	`226`
`229`	`227`
`230`		`-/*`
`231`		`- * Converts OpenSSL ASN1_TIME structure into timestamp`
`232`		`- *`
`233`		`- * Parameter: time - OpenSSL ASN1_TIME structure.`
`234`		`- *`
`235`		`- * Returns Datum, which can be directly returned from a C language SQL`
`236`		`- * function.`
`237`		`- */`
`238`		`-staticDatum`
`239`		`-ASN1_TIME_to_timestamp(ASN1_TIME*time)`
`240`		`-{`
`241`		`-structtmtm_time;`
`242`		`-structpg_tmpgtm_time;`
`243`		`-Timestampts;`
`244`		`-`
`245`		`-ASN1_TIME_to_tm(time,&tm_time);`
`246`		`-`
`247`		`-pgtm_time.tm_sec=tm_time.tm_sec;`
`248`		`-pgtm_time.tm_min=tm_time.tm_min;`
`249`		`-pgtm_time.tm_hour=tm_time.tm_hour;`
`250`		`-pgtm_time.tm_mday=tm_time.tm_mday;`
`251`		`-pgtm_time.tm_mon=tm_time.tm_mon+1;`
`252`		`-pgtm_time.tm_year=tm_time.tm_year+1900;`
`253`		`-`
`254`		`-if (tm2timestamp(&pgtm_time,0,NULL,&ts))`
`255`		`-ereport(ERROR,`
`256`		`-(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`257`		`-errmsg("failed to convert tm to timestamp")));`
`258`		`-`
`259`		`-PG_RETURN_TIMESTAMP(ts);`
`260`		`-}`
`261`		`-`
`262`		`-`
`263`	`228`	`/*`
`264`	`229`	`* Returns specified field of client certificate distinguished name`
`265`	`230`	`*`
`@@ -517,35 +482,3 @@ ssl_extension_info(PG_FUNCTION_ARGS)`
`517`	`482`	`/* All done */`
`518`	`483`	`SRF_RETURN_DONE(funcctx);`
`519`	`484`	`}`
`520`		`-`
`521`		`-/*`
`522`		`- * Returns current client certificate notBefore timestamp in`
`523`		`- * timestamp data type`
`524`		`- */`
`525`		`-PG_FUNCTION_INFO_V1(ssl_client_get_notbefore);`
`526`		`-Datum`
`527`		`-ssl_client_get_notbefore(PG_FUNCTION_ARGS)`
`528`		`-{`
`529`		`-X509*cert=MyProcPort->peer;`
`530`		`-`
`531`		`-if (!MyProcPort->ssl_in_use\|\| !MyProcPort->peer_cert_valid)`
`532`		`-PG_RETURN_NULL();`
`533`		`-`
`534`		`-returnASN1_TIME_to_timestamp(X509_get_notBefore(cert));`
`535`		`-}`
`536`		`-`
`537`		`-/*`
`538`		`- * Returns current client certificate notAfter timestamp in`
`539`		`- * timestamp data type`
`540`		`- */`
`541`		`-PG_FUNCTION_INFO_V1(ssl_client_get_notafter);`
`542`		`-Datum`
`543`		`-ssl_client_get_notafter(PG_FUNCTION_ARGS)`
`544`		`-{`
`545`		`-X509*cert=MyProcPort->peer;`
`546`		`-`
`547`		`-if (!MyProcPort->ssl_in_use\|\| !MyProcPort->peer_cert_valid)`
`548`		`-PG_RETURN_NULL();`
`549`		`-`
`550`		`-returnASN1_TIME_to_timestamp(X509_get_notAfter(cert));`
`551`		`-}`

`‎contrib/sslinfo/sslinfo.control`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`# sslinfo extension`
`2`	`2`	`comment = 'information about SSL certificates'`
`3`		`-default_version = '1.3'`
	`3`	`+default_version = '1.2'`
`4`	`4`	`module_pathname = '$libdir/sslinfo'`
`5`	`5`	`relocatable = true`

`‎doc/src/sgml/monitoring.sgml`

Lines changed: 0 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -2257,26 +2257,6 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i`
`2257`	`2257`	`This field is truncated like <structfield>client_dn</structfield>.`
`2258`	`2258`	`</para></entry>`
`2259`	`2259`	`</row>`
`2260`		`-`
`2261`		`- <row>`
`2262`		`- <entry role="catalog_table_entry"><para role="column_definition">`
`2263`		`- <structfield>not_before</structfield> <type>text</type>`
`2264`		`- </para>`
`2265`		`- <para>`
`2266`		`- Not before UTC timestamp of the client certificate, or NULL if no client`
`2267`		`- certificate was supplied.`
`2268`		`- </para></entry>`
`2269`		`- </row>`
`2270`		`-`
`2271`		`- <row>`
`2272`		`- <entry role="catalog_table_entry"><para role="column_definition">`
`2273`		`- <structfield>not_after</structfield> <type>text</type>`
`2274`		`- </para>`
`2275`		`- <para>`
`2276`		`- Not after UTC timestamp of the client certificate, or NULL if no client`
`2277`		`- certificate was supplied.`
`2278`		`- </para></entry>`
`2279`		`- </row>`
`2280`	`2260`	`</tbody>`
`2281`	`2261`	`</tgroup>`
`2282`	`2262`	`</table>`

`‎doc/src/sgml/sslinfo.sgml`

Lines changed: 0 additions & 30 deletions

Original file line number	Diff line number	Diff line change
`@@ -240,36 +240,6 @@ emailAddress`
`240`	`240`	`</para>`
`241`	`241`	`</listitem>`
`242`	`242`	`</varlistentry>`
`243`		`-`
`244`		`- <varlistentry>`
`245`		`- <term>`
`246`		`- <function>ssl_client_get_notbefore() returns text</function>`
`247`		`- <indexterm>`
`248`		`- <primary>ssl_client_get_notbefore</primary>`
`249`		`- </indexterm>`
`250`		`- </term>`
`251`		`- <listitem>`
`252`		`- <para>`
`253`		`- Return the <structfield>not before</structfield> UTC timestamp of the client`
`254`		`- certificate.`
`255`		`- </para>`
`256`		`- </listitem>`
`257`		`- </varlistentry>`
`258`		`-`
`259`		`- <varlistentry>`
`260`		`- <term>`
`261`		`- <function>ssl_client_get_notafter() returns text</function>`
`262`		`- <indexterm>`
`263`		`- <primary>ssl_client_get_notafter</primary>`
`264`		`- </indexterm>`
`265`		`- </term>`
`266`		`- <listitem>`
`267`		`- <para>`
`268`		`- Return the <structfield>not after</structfield> UTC timestamp of the client`
`269`		`- certificate.`
`270`		`- </para>`
`271`		`- </listitem>`
`272`		`- </varlistentry>`
`273`	`243`	`</variablelist>`
`274`	`244`	`</sect2>`
`275`	`245`

`‎src/backend/catalog/system_views.sql`

Lines changed: 1 addition & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -970,9 +970,7 @@ CREATE VIEW pg_stat_ssl AS`
`970`	`970`	`S.sslbitsAS bits,`
`971`	`971`	`S.ssl_client_dnAS client_dn,`
`972`	`972`	`S.ssl_client_serialAS client_serial,`
`973`		`-S.ssl_issuer_dnAS issuer_dn,`
`974`		`-S.ssl_not_beforeAS not_before,`
`975`		`-S.ssl_not_afterAS not_after`
	`973`	`+S.ssl_issuer_dnAS issuer_dn`
`976`	`974`	`FROM pg_stat_get_activity(NULL)AS S`
`977`	`975`	`WHERES.client_portIS NOT NULL;`
`978`	`976`

`‎src/backend/libpq/be-secure-openssl.c`

Lines changed: 0 additions & 47 deletions

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,6 @@`
`36`	`36`	`#include"tcop/tcopprot.h"`
`37`	`37`	`#include"utils/builtins.h"`
`38`	`38`	`#include"utils/memutils.h"`
`39`		`-#include"utils/timestamp.h"`
`40`	`39`
`41`	`40`	`/*`
`42`	`41`	`* These SSL-related #includes must come after all system-provided headers.`
`@@ -73,7 +72,6 @@ static bool initialize_ecdh(SSL_CTX *context, bool isServerStart);`
`73`	`72`	`staticconstchar*SSLerrmessage(unsigned longecode);`
`74`	`73`
`75`	`74`	`staticcharX509_NAME_to_cstring(X509_NAMEname);`
`76`		`-staticTimestampASN1_TIME_to_timestamp(ASN1_TIME*time);`
`77`	`75`
`78`	`76`	`staticSSL_CTX*SSL_context=NULL;`
`79`	`77`	`staticboolSSL_initialized= false;`
`@@ -1408,24 +1406,6 @@ be_tls_get_peer_issuer_name(Port port, char ptr, size_t len)`
`1408`	`1406`	`ptr[0]='\0';`
`1409`	`1407`	`}`
`1410`	`1408`
`1411`		`-void`
`1412`		`-be_tls_get_peer_not_before(Portport,Timestampptr)`
`1413`		`-{`
`1414`		`-if (port->peer)`
`1415`		`-*ptr=ASN1_TIME_to_timestamp(X509_get_notBefore(port->peer));`
`1416`		`-else`
`1417`		`-*ptr=0;`
`1418`		`-}`
`1419`		`-`
`1420`		`-void`
`1421`		`-be_tls_get_peer_not_after(Portport,Timestampptr)`
`1422`		`-{`
`1423`		`-if (port->peer)`
`1424`		`-*ptr=ASN1_TIME_to_timestamp(X509_get_notAfter(port->peer));`
`1425`		`-else`
`1426`		`-*ptr=0;`
`1427`		`-}`
`1428`		`-`
`1429`	`1409`	`void`
`1430`	`1410`	`be_tls_get_peer_serial(Portport,charptr,size_tlen)`
`1431`	`1411`	`{`
`@@ -1569,33 +1549,6 @@ X509_NAME_to_cstring(X509_NAME *name)`
`1569`	`1549`	`returnresult;`
`1570`	`1550`	`}`
`1571`	`1551`
`1572`		`-/*`
`1573`		`- * Convert an ASN1_TIME to a Timestamp`
`1574`		`- */`
`1575`		`-staticTimestamp`
`1576`		`-ASN1_TIME_to_timestamp(ASN1_TIME*time)`
`1577`		`-{`
`1578`		`-structtmtm_time;`
`1579`		`-structpg_tmpgtm_time;`
`1580`		`-Timestampts;`
`1581`		`-`
`1582`		`-ASN1_TIME_to_tm(time,&tm_time);`
`1583`		`-`
`1584`		`-pgtm_time.tm_sec=tm_time.tm_sec;`
`1585`		`-pgtm_time.tm_min=tm_time.tm_min;`
`1586`		`-pgtm_time.tm_hour=tm_time.tm_hour;`
`1587`		`-pgtm_time.tm_mday=tm_time.tm_mday;`
`1588`		`-pgtm_time.tm_mon=tm_time.tm_mon+1;`
`1589`		`-pgtm_time.tm_year=tm_time.tm_year+1900;`
`1590`		`-`
`1591`		`-if (tm2timestamp(&pgtm_time,0,NULL,&ts))`
`1592`		`-ereport(ERROR,`
`1593`		`-(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`1594`		`-errmsg("timestamp out of range")));`
`1595`		`-`
`1596`		`-returnts;`
`1597`		`-}`
`1598`		`-`
`1599`	`1552`	`/*`
`1600`	`1553`	`* Convert TLS protocol version GUC enum to OpenSSL values`
`1601`	`1554`	`*`

`‎src/backend/utils/activity/backend_status.c`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -367,8 +367,6 @@ pgstat_bestart(void)`
`367`	`367`	`be_tls_get_peer_subject_name(MyProcPort,lsslstatus.ssl_client_dn,NAMEDATALEN);`
`368`	`368`	`be_tls_get_peer_serial(MyProcPort,lsslstatus.ssl_client_serial,NAMEDATALEN);`
`369`	`369`	`be_tls_get_peer_issuer_name(MyProcPort,lsslstatus.ssl_issuer_dn,NAMEDATALEN);`
`370`		`-be_tls_get_peer_not_before(MyProcPort,&lsslstatus.ssl_not_before);`
`371`		`-be_tls_get_peer_not_after(MyProcPort,&lsslstatus.ssl_not_after);`
`372`	`370`	`}`
`373`	`371`	`else`
`374`	`372`	`{`

`‎src/backend/utils/adt/pgstatfuncs.c`

Lines changed: 17 additions & 29 deletions

Original file line number	Diff line number	Diff line change
`@@ -303,7 +303,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)`
`303`	`303`	`Datum`
`304`	`304`	`pg_stat_get_activity(PG_FUNCTION_ARGS)`
`305`	`305`	`{`
`306`		`-#definePG_STAT_GET_ACTIVITY_COLS33`
	`306`	`+#definePG_STAT_GET_ACTIVITY_COLS31`
`307`	`307`	`intnum_backends=pgstat_fetch_stat_numbackends();`
`308`	`308`	`intcurr_backend;`
`309`	`309`	`intpid=PG_ARGISNULL(0) ?-1 :PG_GETARG_INT32(0);`
`@@ -395,7 +395,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)`
`395`	`395`	`pfree(clipped_activity);`
`396`	`396`
`397`	`397`	`/* leader_pid */`
`398`		`-nulls[31]= true;`
	`398`	`+nulls[29]= true;`
`399`	`399`
`400`	`400`	`proc=BackendPidGetProc(beentry->st_procpid);`
`401`	`401`
`@@ -432,17 +432,17 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)`
`432`	`432`	`*/`
`433`	`433`	`if (leader&&leader->pid!=beentry->st_procpid)`
`434`	`434`	`{`
`435`		`-values[31]=Int32GetDatum(leader->pid);`
`436`		`-nulls[31]= false;`
	`435`	`+values[29]=Int32GetDatum(leader->pid);`
	`436`	`+nulls[29]= false;`
`437`	`437`	`}`
`438`	`438`	`elseif (beentry->st_backendType==B_BG_WORKER)`
`439`	`439`	`{`
`440`	`440`	`intleader_pid=GetLeaderApplyWorkerPid(beentry->st_procpid);`
`441`	`441`
`442`	`442`	`if (leader_pid!=InvalidPid)`
`443`	`443`	`{`
`444`		`-values[31]=Int32GetDatum(leader_pid);`
`445`		`-nulls[31]= false;`
	`444`	`+values[29]=Int32GetDatum(leader_pid);`
	`445`	`+nulls[29]= false;`
`446`	`446`	`}`
`447`	`447`	`}`
`448`	`448`	`}`
`@@ -587,45 +587,35 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)`
`587`	`587`	`values[24]=CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);`
`588`	`588`	`else`
`589`	`589`	`nulls[24]= true;`
`590`		`-`
`591`		`-if (beentry->st_sslstatus->ssl_not_before!=0)`
`592`		`-values[25]=TimestampGetDatum(beentry->st_sslstatus->ssl_not_before);`
`593`		`-else`
`594`		`-nulls[25]= true;`
`595`		`-`
`596`		`-if (beentry->st_sslstatus->ssl_not_after!=0)`
`597`		`-values[26]=TimestampGetDatum(beentry->st_sslstatus->ssl_not_after);`
`598`		`-else`
`599`		`-nulls[26]= true;`
`600`	`590`	`}`
`601`	`591`	`else`
`602`	`592`	`{`
`603`	`593`	`values[18]=BoolGetDatum(false);/* ssl */`
`604`		`-nulls[19]=nulls[20]=nulls[21]=nulls[22]=nulls[23]=nulls[24]=nulls[25]=nulls[26]=true;`
	`594`	`+nulls[19]=nulls[20]=nulls[21]=nulls[22]=nulls[23]=nulls[24]= true;`
`605`	`595`	`}`
`606`	`596`
`607`	`597`	`/* GSSAPI information */`
`608`	`598`	`if (beentry->st_gss)`
`609`	`599`	`{`
`610`		`-values[27]=BoolGetDatum(beentry->st_gssstatus->gss_auth);/* gss_auth */`
`611`		`-values[28]=CStringGetTextDatum(beentry->st_gssstatus->gss_princ);`
`612`		`-values[29]=BoolGetDatum(beentry->st_gssstatus->gss_enc);/* GSS Encryption in use */`
`613`		`-values[30]=BoolGetDatum(beentry->st_gssstatus->gss_delegation);/* GSS credentials`
	`600`	`+values[25]=BoolGetDatum(beentry->st_gssstatus->gss_auth);/* gss_auth */`
	`601`	`+values[26]=CStringGetTextDatum(beentry->st_gssstatus->gss_princ);`
	`602`	`+values[27]=BoolGetDatum(beentry->st_gssstatus->gss_enc);/* GSS Encryption in use */`
	`603`	`+values[28]=BoolGetDatum(beentry->st_gssstatus->gss_delegation);/* GSS credentials`
`614`	`604`	`* delegated */`
`615`	`605`	`}`
`616`	`606`	`else`
`617`	`607`	`{`
`618`		`-values[27]=BoolGetDatum(false);/* gss_auth */`
`619`		`-nulls[28]= true;/* No GSS principal */`
`620`		`-values[29]=BoolGetDatum(false);/* GSS Encryption not in`
	`608`	`+values[25]=BoolGetDatum(false);/* gss_auth */`
	`609`	`+nulls[26]= true;/* No GSS principal */`
	`610`	`+values[27]=BoolGetDatum(false);/* GSS Encryption not in`
`621`	`611`	`* use */`
`622`		`-values[30]=BoolGetDatum(false);/* GSS credentials not`
	`612`	`+values[28]=BoolGetDatum(false);/* GSS credentials not`
`623`	`613`	`* delegated */`
`624`	`614`	`}`
`625`	`615`	`if (beentry->st_query_id==0)`
`626`		`-nulls[32]= true;`
	`616`	`+nulls[30]= true;`
`627`	`617`	`else`
`628`		`-values[32]=UInt64GetDatum(beentry->st_query_id);`
	`618`	`+values[30]=UInt64GetDatum(beentry->st_query_id);`
`629`	`619`	`}`
`630`	`620`	`else`
`631`	`621`	`{`
`@@ -655,8 +645,6 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)`
`655`	`645`	`nulls[28]= true;`
`656`	`646`	`nulls[29]= true;`
`657`	`647`	`nulls[30]= true;`
`658`		`-nulls[31]= true;`
`659`		`-nulls[32]= true;`
`660`	`648`	`}`
`661`	`649`
`662`	`650`	`tuplestore_putvalues(rsinfo->setResult,rsinfo->setDesc,values,nulls);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit29a0ccb

File tree

18 files changed

18 files changed

`‎contrib/sslinfo/Makefile`

`‎contrib/sslinfo/meson.build`

`‎contrib/sslinfo/sslinfo--1.2--1.3.sql`

`‎contrib/sslinfo/sslinfo.c`

`‎contrib/sslinfo/sslinfo.control`

`‎doc/src/sgml/monitoring.sgml`

`‎doc/src/sgml/sslinfo.sgml`

`‎src/backend/catalog/system_views.sql`

`‎src/backend/libpq/be-secure-openssl.c`

`‎src/backend/utils/activity/backend_status.c`

`‎src/backend/utils/adt/pgstatfuncs.c`

0 commit comments