Re: sslinfo extension - add notbefore and notafter timestamps
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Cary Huang <cary.huang@highgo.ca>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2023-07-20T15:24:57Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Add notBefore and notAfter to SSL cert info display
- 6acb0a628ecc 17.0 landed
- 75ec5e7bec70 17.0 landed
-
Set fixed dates for test certificates validity
- 40fad96530ca 17.0 landed
> On 17 Jul 2023, at 20:26, Cary Huang <cary.huang@highgo.ca> wrote: >>> Perhaps calling "tm2timestamp(&pgtm_time, 0, NULL, &ts)" without checking the return code would be just fine. I see some other usages of tm2timstamp() in other code areas also skip checking the return code. >> >> I think we want to know about any failures, btu we can probably make it into an >> elog() instead, as it should never fail. > > Yes, sure. I have corrected the error message to elog(ERROR, "timestamp out of range") on a rare tm2timestamp() failure. I went over this again and ended up pushing it along with a catversion bump. Due to a mistake in my testing I didn't however catch that it was using an API only present in OpenSSL 1.1.1 and higher, which caused buildfailures when using older OpenSSL versions, so I ended up reverting it again (leaving certificate changes in place) to keep the buildfarm green. Will look closer at an implementation which works across all supported versions of OpenSSL when I have more time. -- Daniel Gustafsson