or NULL if SSL is not in use on this connection</entry>

</row>

<row>

<entry><structfield>clientdn</structfield></entry>

<entry><structfield>client_dn</structfield></entry>

<entry><type>text</type></entry>

<entry>Distinguished Name (DN) field from the client certificate

used, or NULL if no client certificate was supplied or if SSL

is not in use on this connection. This field is truncated if the

DN field is longer than <symbol>NAMEDATALEN</symbol> (64 characters

in a standard build)

in a standard build).

</entry>

</row>

<row>

<entry><structfield>client_serial</structfield></entry>

<entry><type>numeric</type></entry>

<entry>Serial number of the client certificate, or NULL if no client

certificate was supplied or if SSL is not in use on this connection. The

combination of certificate serial number and certificate issuer uniquely

identifies a certificate (unless the issuer erroneously reuses serial

numbers).</entry>

</row>

<row>

<entry><structfield>issuer_dn</structfield></entry>

<entry><type>text</type></entry>

<entry>DN of the issuer of the client certificate, or NULL if no client

certificate was supplied or if SSL is not in use on this connection.

This field is truncated like <structfield>client_dn</structfield>.</entry>

</row>

</tbody>

</tgroup>

</table>

S.sslcipherAS cipher,

S.sslbitsAS bits,

S.sslcompressionAS compression,

S.sslclientdnAS clientdn

S.ssl_client_dnAS client_dn,

S.ssl_client_serialAS client_serial,

S.ssl_issuer_dnAS issuer_dn

FROM pg_stat_get_activity(NULL)AS S;

}

be_tls_get_peerdn_name(Port*port,char*ptr,size_tlen)

be_tls_get_peer_subject_name(Port*port,char*ptr,size_tlen)

{

if (port->peer)

strlcpy(ptr,X509_NAME_to_cstring(X509_get_subject_name(port->peer)),len);

ptr[0]='\0';

}

be_tls_get_peer_issuer_name(Port*port,char*ptr,size_tlen)

{

if (port->peer)

strlcpy(ptr,X509_NAME_to_cstring(X509_get_issuer_name(port->peer)),len);

ptr[0]='\0';

}

be_tls_get_peer_serial(Port*port,char*ptr,size_tlen)

{

if (port->peer)

{

ASN1_INTEGER*serial;

BIGNUM*b;

char*decimal;

serial=X509_get_serialNumber(port->peer);

b=ASN1_INTEGER_to_BN(serial,NULL);

decimal=BN_bn2dec(b);

BN_free(b);

strlcpy(ptr,decimal,len);

OPENSSL_free(decimal);

}

ptr[0]='\0';

}

be_tls_get_certificate_hash(Port*port,size_t*len)

beentry->st_sslstatus->ssl_compression=be_tls_get_compression(MyProcPort);

strlcpy(beentry->st_sslstatus->ssl_version,be_tls_get_version(MyProcPort),NAMEDATALEN);

strlcpy(beentry->st_sslstatus->ssl_cipher,be_tls_get_cipher(MyProcPort),NAMEDATALEN);

be_tls_get_peerdn_name(MyProcPort,beentry->st_sslstatus->ssl_clientdn,NAMEDATALEN);

be_tls_get_peer_subject_name(MyProcPort,beentry->st_sslstatus->ssl_client_dn,NAMEDATALEN);

be_tls_get_peer_serial(MyProcPort,beentry->st_sslstatus->ssl_client_serial,NAMEDATALEN);

be_tls_get_peer_issuer_name(MyProcPort,beentry->st_sslstatus->ssl_issuer_dn,NAMEDATALEN);

}

{

pg_stat_get_activity(PG_FUNCTION_ARGS)

{

intnum_backends=pgstat_fetch_stat_numbackends();

intcurr_backend;

intpid=PG_ARGISNULL(0) ?-1 :PG_GETARG_INT32(0);

values[20]=CStringGetTextDatum(beentry->st_sslstatus->ssl_cipher);

values[21]=Int32GetDatum(beentry->st_sslstatus->ssl_bits);

values[22]=BoolGetDatum(beentry->st_sslstatus->ssl_compression);

if (beentry->st_sslstatus->ssl_clientdn[0])

values[23]=CStringGetTextDatum(beentry->st_sslstatus->ssl_clientdn);

if (beentry->st_sslstatus->ssl_client_dn[0])

values[23]=CStringGetTextDatum(beentry->st_sslstatus->ssl_client_dn);

nulls[23]= true;

if (beentry->st_sslstatus->ssl_client_serial[0])

values[24]=DirectFunctionCall3(numeric_in,

CStringGetDatum(beentry->st_sslstatus->ssl_client_serial),

ObjectIdGetDatum(InvalidOid),

Int32GetDatum(-1));

nulls[24]= true;

if (beentry->st_sslstatus->ssl_issuer_dn[0])

values[25]=CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);

nulls[25]= true;

}

{

values[18]=BoolGetDatum(false);/* ssl */

nulls[19]=nulls[20]=nulls[21]=nulls[22]=nulls[23]= true;

nulls[19]=nulls[20]=nulls[21]=nulls[22]=nulls[23]=nulls[24]=nulls[25]=true;

}

proname => 'pg_stat_get_activity', prorows => '100', proisstrict => 'f',

proretset => 't', provolatile => 's', proparallel => 'r',

prorettype => 'record', proargtypes => 'int4',

proallargtypes => '{int4,oid,int4,oid,text,text,text,text,text,timestamptz,timestamptz,timestamptz,timestamptz,inet,text,int4,xid,xid,text,bool,text,text,int4,bool,text}',

proargmodes => '{i,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o}',

proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,sslcompression,sslclientdn}',

proallargtypes => '{int4,oid,int4,oid,text,text,text,text,text,timestamptz,timestamptz,timestamptz,timestamptz,inet,text,int4,xid,xid,text,bool,text,text,int4,bool,text,numeric,text}',

proargmodes => '{i,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o}',

proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,sslcompression,ssl_client_dn,ssl_client_serial,ssl_issuer_dn}',

prosrc => 'pg_stat_get_activity' },

{ oid => '3318',

descr => 'statistics: information about progress of backends running maintenance command',

externboolbe_tls_get_compression(Port*port);

externconstchar*be_tls_get_version(Port*port);

externconstchar*be_tls_get_cipher(Port*port);

externvoidbe_tls_get_peerdn_name(Port*port,char*ptr,size_tlen);

externvoidbe_tls_get_peer_subject_name(Port*port,char*ptr,size_tlen);

externvoidbe_tls_get_peer_issuer_name(Port*port,char*ptr,size_tlen);

externvoidbe_tls_get_peer_serial(Port*port,char*ptr,size_tlen);

{

intssl_bits;

boolssl_compression;

charssl_version[NAMEDATALEN];/* MUST be null-terminated */

charssl_cipher[NAMEDATALEN];/* MUST be null-terminated */

charssl_clientdn[NAMEDATALEN];/* MUST be null-terminated */

charssl_version[NAMEDATALEN];

charssl_cipher[NAMEDATALEN];

charssl_client_dn[NAMEDATALEN];

charssl_client_serial[NAMEDATALEN];

charssl_issuer_dn[NAMEDATALEN];

}PgBackendSSLStatus;

s.backend_xmin,

s.query,

s.backend_type

FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression,sslclientdn)

FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression,ssl_client_dn, ssl_client_serial, ssl_issuer_dn)

LEFT JOIN pg_database d ON ((s.datid = d.oid)))

LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));

pg_stat_all_indexes| SELECT c.oid AS relid,

w.sync_priority,

w.sync_state,

w.reply_time

FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression,sslclientdn)

FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression,ssl_client_dn, ssl_client_serial, ssl_issuer_dn)

JOIN pg_stat_get_wal_senders() w(pid, state, sent_lsn, write_lsn, flush_lsn, replay_lsn, write_lag, flush_lag, replay_lag, sync_priority, sync_state, reply_time) ON ((s.pid = w.pid)))

LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));

pg_stat_ssl| SELECT s.pid,

s.sslcipher AS cipher,

s.sslbits AS bits,

s.sslcompression AS compression,

s.sslclientdn AS clientdn

FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression, sslclientdn);

s.ssl_client_dn AS client_dn,

s.ssl_client_serial AS client_serial,

s.ssl_issuer_dn AS issuer_dn

FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression, ssl_client_dn, ssl_client_serial, ssl_issuer_dn);

pg_stat_subscription| SELECT su.oid AS subid,

su.subname,

st.pid,

'-d',"$common_connstr sslrootcert=invalid",

'-c',"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"

],

^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,_null_$}mx,

^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,_null_,_null_,_null_$}mx,

'pg_stat_ssl view without client certificate');

'-d',"$common_connstr user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key",

'-c',"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"

],

^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,/CN=ssltestuser$}mx,

^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,/CN=ssltestuser,1,\Q/CN=Test CA for PostgreSQL SSL regression test client certs\E$}mx,

'pg_stat_ssl with client certificate');