diff options
| author | Daniel Gustafsson <dgustafsson@postgresql.org> | 2023-07-20 17:07:32 +0200 |
|---|---|---|
| committer | Daniel Gustafsson <dgustafsson@postgresql.org> | 2023-07-20 17:07:32 +0200 |
| commit | 75ec5e7bec700577d39d653c316e3ae6c505842c (patch) | |
| tree | ef80345f4dd87eaa35745fafb11a7efe808b6c8a /doc/src | |
| parent | 40fad96530caf190a3babf322ca705e744c393bb (diff) | |
| download | postgresql-75ec5e7bec700577d39d653c316e3ae6c505842c.tar.gz postgresql-75ec5e7bec700577d39d653c316e3ae6c505842c.zip | |
Add notBefore and notAfter to SSL cert info display
This adds the X509 attributes notBefore and notAfter to sslinfo
as well as pg_stat_ssl to allow verifying and identifying the
validity period of the current client certificate.
Author: Cary Huang <cary.huang@highgo.ca>
Discussion: https://postgr.es/m/182b8565486.10af1a86f158715.2387262617218380588@highgo.ca
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/monitoring.sgml | 20 | ||||
| -rw-r--r-- | doc/src/sgml/sslinfo.sgml | 30 |
2 files changed, 50 insertions, 0 deletions
diff --git a/doc/src/sgml/monitoring.sgml b/doc/src/sgml/monitoring.sgml index 588b720f57e..42c7808f505 100644 --- a/doc/src/sgml/monitoring.sgml +++ b/doc/src/sgml/monitoring.sgml @@ -2257,6 +2257,26 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i This field is truncated like <structfield>client_dn</structfield>. </para></entry> </row> + + <row> + <entry role="catalog_table_entry"><para role="column_definition"> + <structfield>not_before</structfield> <type>text</type> + </para> + <para> + Not before UTC timestamp of the client certificate, or NULL if no client + certificate was supplied. + </para></entry> + </row> + + <row> + <entry role="catalog_table_entry"><para role="column_definition"> + <structfield>not_after</structfield> <type>text</type> + </para> + <para> + Not after UTC timestamp of the client certificate, or NULL if no client + certificate was supplied. + </para></entry> + </row> </tbody> </tgroup> </table> diff --git a/doc/src/sgml/sslinfo.sgml b/doc/src/sgml/sslinfo.sgml index 85d49f66537..06f5728096e 100644 --- a/doc/src/sgml/sslinfo.sgml +++ b/doc/src/sgml/sslinfo.sgml @@ -240,6 +240,36 @@ emailAddress </para> </listitem> </varlistentry> + + <varlistentry> + <term> + <function>ssl_client_get_notbefore() returns text</function> + <indexterm> + <primary>ssl_client_get_notbefore</primary> + </indexterm> + </term> + <listitem> + <para> + Return the <structfield>not before</structfield> UTC timestamp of the client + certificate. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <function>ssl_client_get_notafter() returns text</function> + <indexterm> + <primary>ssl_client_get_notafter</primary> + </indexterm> + </term> + <listitem> + <para> + Return the <structfield>not after</structfield> UTC timestamp of the client + certificate. + </para> + </listitem> + </varlistentry> </variablelist> </sect2> |