Re: sslinfo extension - add notbefore and notafter timestamps
From | Cary Huang |
---|---|
Subject | Re: sslinfo extension - add notbefore and notafter timestamps |
Date | |
Msg-id | 1894211830e.ef46f9012448790.7113590129448608981@highgo.ca |
In reply to | Re: sslinfo extension - add notbefore and notafter timestamps (Daniel Gustafsson <daniel@yesql.se>) |
Responses |
Re: sslinfo extension - add notbefore and notafter timestamps
|
List | pgsql-hackers |
> Thanks for the new version! It doesn't fail the ssl tests, but the Kerberos
> test now fails. You can see the test reports from the CFBot here:

Yes, kerberos tests failed due to the addition of notbefore and notafter values. The values array within "pg_stat_get_activity" function related to "pg_stat_gssapi" were not set correctly. It is now fixed.

> This runs on submitted patches, you can also run the same CI checks in your own
> Github clone using the supplied CI files in the postgres repo.

Thank you for pointing this out. I followed the CI instruction as suggested and am able to run the same CI checks to reproduce the test failures.

> There are also some trivial whitespace issues shown with "git diff --check",
> these can of course easily be addressed by a committer in a final-version patch
> but when sending a new version you might as well fix those.

Yes, the white spaces issues should be addressed in the attached patches.

> X509_getm_notBefore() and X509_getm_notAfter() are only available in OpenSSL
> 1.1.1 and onwards, but postgres support 1.0.2 (as of today with 8e278b6576).
> X509_get_notAfter() is available in 1.0.2 but deprecated in 1.1.1 and turned
> into an alias for X509_getm_notAfter() (same with _notBefore of course), and
> since we set 1.0.2 as the API compatibility we should be able to use that
> without warnings instead.

Thank you so much for catching this openssl function compatibility issue. I have changed the function calls to:

- X509_get_notBefore()
- X509_get_notAfter()

which are compatible in OpenSSL v1.0.2 and also v1.1.1 where they will get translated to X509_getm_notBefore() and X509_getm_notAfter() respectively.

> These functions should IMO return timestamp data types to save the user from
> having to convert them. Same with the additions to pg_stat_get_activity.

Yes, agreed, the attached patches have the output changed to timestamp datatype instead of text.

> You should add tests for the new functions in src/test/ssl/t/003_sslinfo.pl.

Yes, agreed, I added 2 additional tests in src/test/ssl/t/003_sslinfo.pl to compare the notbefore and notafter outputs from sslinfo extension and pg_stat_ssl outputs. Both should be tested equal.

Also added related documentation about the new not before and not after timestamps in pg_stat_ssl.

Thank you

Cary Huang
-------------
HighGo Software Inc. (Canada)
cary.huang@highgo.ca
www.highgo.ca