diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/sslinfo/Makefile | 2 | ||||
| -rw-r--r-- | contrib/sslinfo/meson.build | 1 | ||||
| -rw-r--r-- | contrib/sslinfo/sslinfo--1.2--1.3.sql | 12 | ||||
| -rw-r--r-- | contrib/sslinfo/sslinfo.c | 67 | ||||
| -rw-r--r-- | contrib/sslinfo/sslinfo.control | 2 |
5 files changed, 82 insertions, 2 deletions
diff --git a/contrib/sslinfo/Makefile b/contrib/sslinfo/Makefile index dd1ff83b16d..78a5a83d5c4 100644 --- a/contrib/sslinfo/Makefile +++ b/contrib/sslinfo/Makefile @@ -6,7 +6,7 @@ OBJS = \ sslinfo.o EXTENSION = sslinfo -DATA = sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql +DATA = sslinfo--1.2--1.3.sql sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql PGFILEDESC = "sslinfo - information about client SSL certificate" ifdef USE_PGXS diff --git a/contrib/sslinfo/meson.build b/contrib/sslinfo/meson.build index 999456d3a42..215b01daffd 100644 --- a/contrib/sslinfo/meson.build +++ b/contrib/sslinfo/meson.build @@ -26,6 +26,7 @@ install_data( 'sslinfo--1.0--1.1.sql', 'sslinfo--1.1--1.2.sql', 'sslinfo--1.2.sql', + 'sslinfo--1.2--1.3.sql', 'sslinfo.control', kwargs: contrib_data_args, ) diff --git a/contrib/sslinfo/sslinfo--1.2--1.3.sql b/contrib/sslinfo/sslinfo--1.2--1.3.sql new file mode 100644 index 00000000000..9d64d2bfa48 --- /dev/null +++ b/contrib/sslinfo/sslinfo--1.2--1.3.sql @@ -0,0 +1,12 @@ +/* contrib/sslinfo/sslinfo--1.2--1.3.sql */ + +-- complain if script is sourced in psql, rather than via CREATE EXTENSION +\echo Use "CREATE EXTENSION sslinfo" to load this file. \quit + +CREATE FUNCTION ssl_client_get_notbefore() RETURNS timestamp +AS 'MODULE_PATHNAME', 'ssl_client_get_notbefore' +LANGUAGE C STRICT PARALLEL RESTRICTED; + +CREATE FUNCTION ssl_client_get_notafter() RETURNS timestamp +AS 'MODULE_PATHNAME', 'ssl_client_get_notafter' +LANGUAGE C STRICT PARALLEL RESTRICTED; diff --git a/contrib/sslinfo/sslinfo.c b/contrib/sslinfo/sslinfo.c index 5fd46b98741..e4ecf78889f 100644 --- a/contrib/sslinfo/sslinfo.c +++ b/contrib/sslinfo/sslinfo.c @@ -18,6 +18,7 @@ #include "libpq/libpq-be.h" #include "miscadmin.h" #include "utils/builtins.h" +#include "utils/timestamp.h" /* * On Windows, <wincrypt.h> includes a #define for X509_NAME, which breaks our @@ -34,6 +35,7 @@ PG_MODULE_MAGIC; static Datum X509_NAME_field_to_text(X509_NAME *name, text *fieldName); static Datum ASN1_STRING_to_text(ASN1_STRING *str); +static Datum ASN1_TIME_to_timestamp(ASN1_TIME *time); /* * Function context for data persisting over repeated calls. @@ -226,6 +228,39 @@ X509_NAME_field_to_text(X509_NAME *name, text *fieldName) /* + * Converts OpenSSL ASN1_TIME structure into timestamp + * + * Parameter: time - OpenSSL ASN1_TIME structure. + * + * Returns Datum, which can be directly returned from a C language SQL + * function. + */ +static Datum +ASN1_TIME_to_timestamp(ASN1_TIME * time) +{ + struct tm tm_time; + struct pg_tm pgtm_time; + Timestamp ts; + + ASN1_TIME_to_tm(time, &tm_time); + + pgtm_time.tm_sec = tm_time.tm_sec; + pgtm_time.tm_min = tm_time.tm_min; + pgtm_time.tm_hour = tm_time.tm_hour; + pgtm_time.tm_mday = tm_time.tm_mday; + pgtm_time.tm_mon = tm_time.tm_mon + 1; + pgtm_time.tm_year = tm_time.tm_year + 1900; + + if (tm2timestamp(&pgtm_time, 0, NULL, &ts)) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE), + errmsg("failed to convert tm to timestamp"))); + + PG_RETURN_TIMESTAMP(ts); +} + + +/* * Returns specified field of client certificate distinguished name * * Receives field name (like 'commonName' and 'emailAddress') and @@ -482,3 +517,35 @@ ssl_extension_info(PG_FUNCTION_ARGS) /* All done */ SRF_RETURN_DONE(funcctx); } + +/* + * Returns current client certificate notBefore timestamp in + * timestamp data type + */ +PG_FUNCTION_INFO_V1(ssl_client_get_notbefore); +Datum +ssl_client_get_notbefore(PG_FUNCTION_ARGS) +{ + X509 *cert = MyProcPort->peer; + + if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid) + PG_RETURN_NULL(); + + return ASN1_TIME_to_timestamp(X509_get_notBefore(cert)); +} + +/* + * Returns current client certificate notAfter timestamp in + * timestamp data type + */ +PG_FUNCTION_INFO_V1(ssl_client_get_notafter); +Datum +ssl_client_get_notafter(PG_FUNCTION_ARGS) +{ + X509 *cert = MyProcPort->peer; + + if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid) + PG_RETURN_NULL(); + + return ASN1_TIME_to_timestamp(X509_get_notAfter(cert)); +} diff --git a/contrib/sslinfo/sslinfo.control b/contrib/sslinfo/sslinfo.control index c7754f924cf..b53e95b7da8 100644 --- a/contrib/sslinfo/sslinfo.control +++ b/contrib/sslinfo/sslinfo.control @@ -1,5 +1,5 @@ # sslinfo extension comment = 'information about SSL certificates' -default_version = '1.2' +default_version = '1.3' module_pathname = '$libdir/sslinfo' relocatable = true |