Commit 6dc920d

sslinfo contrib module - information about current SSL certificate
Author: Victor Wagner <vitus@cryptocom.ru>
1 parent c804147, commit 6dc920d

6 files changed: +505 -3 lines changed

‎contrib/Makefile

Lines changed: 5 additions & 1 deletion
@@ -1,4 +1,4 @@
1-
# $PostgreSQL: pgsql/contrib/Makefile,v 1.66 2006/05/30 13:25:57 momjian Exp $
1+
# $PostgreSQL: pgsql/contrib/Makefile,v 1.67 2006/09/04 15:07:46 petere Exp $
22

33
subdir = contrib
44
top_builddir = ..
@@ -36,6 +36,10 @@ WANTED_DIRS = \
3636
userlock\
3737
vacuumlo
3838

39+
ifeq ($(with_openssl),yes)
40+
WANTED_DIRS += sslinfo
41+
endif
42+
3943
# Missing:
4044
#adddepend\ (does not have a makefile)
4145
#mSQL-interface\ (requires msql installed)

‎contrib/sslinfo/Makefile

Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
subdir = contrib/sslinfo
2+
top_builddir = ../..
3+
include$(top_builddir)/src/Makefile.global
4+
5+
MODULES = sslinfo
6+
DATA_built = sslinfo.sql
7+
DOC = README.pgsslinfo
8+
9+
include ../contrib-global.mk
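
Review bot: `DOC = README.pgsslinfo` on new line 7 names a file this commit does not add; the documentation file introduced alongside this Makefile is contrib/sslinfo/README.sslinfo. Change the variable to `DOC = README.sslinfo`, or rename the README to match, so the documentation install step has a file to pick up.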

‎contrib/sslinfo/README.sslinfo

Lines changed: 121 additions & 0 deletions
@@ -0,0 +1,121 @@
1+
sslinfo - information about current SSL certificate for PostgreSQL
2+
==================================================================
3+
Copyright (c) 2006 Cryptocom LTD
4+
Author: Victor Wagner <vitus@cryptocom.ru>
5+
E-Mail of Cryptocom OpenSSL development group: <openssl@cryptocom.ru>
6+
7+
8+
1. Notes
9+
--------
10+
This extension won't build unless your PostgreSQL server is configured
11+
with --with-openssl. Information provided with these functions would
12+
be completely useless if you don't use SSL to connect to database.
13+
14+
15+
2. Functions Description
16+
------------------------
17+
18+
2.1. ssl_is_used()
19+
~~~~~~~~~~~~~~~~~~
20+
21+
ssl_is_used() RETURNS boolean;
22+
23+
Returns TRUE, if current connection to server uses SSL and FALSE
24+
otherwise.
25+
26+
2.2. ssl_client_cert_present()
27+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28+
29+
ssl_client_cert_present() RETURNS boolean
30+
31+
Returns TRUE if current client have presented valid SSL client
32+
certificate to the server and FALSE otherwise (e.g., no SSL,
33+
certificate hadn't be requested by server).
34+
35+
2.3. ssl_client_serial()
36+
~~~~~~~~~~~~~~~~~~~~~~~~
37+
38+
ssl_client_serial() RETURNS numeric
39+
40+
Returns serial number of current client certificate. The combination
41+
of certificate serial number and certificate issuer is guaranteed to
42+
uniquely identify certificate (but not its owner -- the owner ought to
43+
regularily change his keys, and get new certificates from the issuer).
44+
45+
So, if you run you own CA and allow only certificates from this CA to
46+
be accepted by server, the serial number is the most reliable (albeit
47+
not very mnemonic) means to indentify user.
48+
49+
2.4. ssl_client_dn()
50+
~~~~~~~~~~~~~~~~~~~~
51+
52+
ssl_client_dn() RETURNS text
53+
54+
Returns the full subject of current client certificate, converting
55+
character data into the current database encoding. It is assumed that
56+
if you use non-Latin characters in the certificate names, your
57+
database is able to represent these characters, too. If your database
58+
uses the SQL_ASCII encoding, non-Latin characters in the name will be
59+
represented as UTF-8 sequences.
60+
61+
The result looks like '/CN=Somebody /C=Some country/O=Some organization'.
62+
63+
2.5. ssl_issuer_dn()
64+
~~~~~~~~~~~~~~~~~~~~
65+
66+
Returns the full issuer name of the client certificate, converting
67+
character data into current database encoding.
68+
69+
The combination of the return value of this function with the
70+
certificate serial number uniquely identifies the certificate.
71+
72+
The result of this function is really useful only if you have more
73+
than one trusted CA certificate in your server's root.crt file, or if
74+
this CA has issued some intermediate certificate authority
75+
certificates.
76+
77+
2.6. ssl_client_dn_field()
78+
~~~~~~~~~~~~~~~~~~~~~~~~~~
79+
80+
ssl_client_dn_field(fieldName text) RETURNS text
81+
82+
This function returns the value of the specified field in the
83+
certificate subject. Field names are string constants that are
84+
converted into ASN1 object identificators using the OpenSSL object
85+
database. The following values are acceptable:
86+
87+
commonName (alias CN)
88+
surname (alias SN)
89+
name
90+
givenName (alias GN)
91+
countryName (alias C)
92+
localityName (alias L)
93+
stateOrProvinceName (alias ST)
94+
organizationName (alias O)
95+
organizationUnitName (alias OU)
96+
title
97+
description
98+
initials
99+
postalCode
100+
streetAddress
101+
generationQualifier
102+
description
103+
dnQualifier
104+
x500UniqueIdentifier
105+
pseudonim
106+
role
107+
emailAddress
108+
109+
All of these fields are optional, except commonName. It depends
110+
entirely on your CA policy which of them would be included and which
111+
wouldn't. The meaning of these fields, howeer, is strictly defined by
112+
the X.500 and X.509 standards, so you cannot just assign arbitrary
113+
meaning to them.
114+
115+
2.7 ssl_issuer_field()
116+
~~~~~~~~~~~~~~~~~~~
117+
118+
ssl_issuer_field(fieldName text) RETURNS text;
119+
120+
Does same as ssl_client_dn_field, but for the certificate issuer
121+
rather than the certificate subject.
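
Review bot: the field list in section 2.6 contains names that will not resolve if, as the section says, names are looked up in the OpenSSL object database: `organizationUnitName` and `pseudonim` should be `organizationalUnitName` and `pseudonym`, and `description` is listed twice (new lines 97 and 102). A user who copies the documented spelling will get a failed lookup rather than the field, so the list should be corrected and ideally state what the function returns for an unknown name or for a field absent from the certificate. Section 2.5 is the only function section without a signature line; add `ssl_issuer_dn() RETURNS text` for consistency. Section 2.3 recommends the serial number as the most reliable means to identify a user, but the same section says only the serial plus issuer pair is unique, so it would be worth saying explicitly that ssl_issuer_dn() must be compared together with ssl_client_serial() whenever root.crt holds more than one CA. Smaller points: the heading `2.7 ssl_issuer_field()` lacks the trailing period the other headings use and its underline is short, and "regularily", "indentify" and "howeer" are misspelled.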
