diff options
Diffstat (limited to 'doc/src/sgml/html/sslinfo.html')
| -rw-r--r-- | doc/src/sgml/html/sslinfo.html | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/doc/src/sgml/html/sslinfo.html b/doc/src/sgml/html/sslinfo.html new file mode 100644 index 0000000..b4dea33 --- /dev/null +++ b/doc/src/sgml/html/sslinfo.html @@ -0,0 +1,135 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>F.42. sslinfo</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="contrib-spi.html" title="F.41. spi" /><link rel="next" href="tablefunc.html" title="F.43. tablefunc" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">F.42. sslinfo</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="contrib-spi.html" title="F.41. spi">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="contrib.html" title="Appendix F. Additional Supplied Modules">Up</a></td><th width="60%" align="center">Appendix F. Additional Supplied Modules</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 15.5 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="tablefunc.html" title="F.43. tablefunc">Next</a></td></tr></table><hr /></div><div class="sect1" id="SSLINFO"><div class="titlepage"><div><div><h2 class="title" style="clear: both">F.42. sslinfo</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="sect2"><a href="sslinfo.html#id-1.11.7.51.6">F.42.1. Functions Provided</a></span></dt><dt><span class="sect2"><a href="sslinfo.html#id-1.11.7.51.7">F.42.2. Author</a></span></dt></dl></div><a id="id-1.11.7.51.2" class="indexterm"></a><p> + The <code class="filename">sslinfo</code> module provides information about the SSL + certificate that the current client provided when connecting to + <span class="productname">PostgreSQL</span>. The module is useless (most functions + will return NULL) if the current connection does not use SSL. + </p><p> + Some of the information available through this module can also be obtained + using the built-in system view <a class="link" href="monitoring-stats.html#MONITORING-PG-STAT-SSL-VIEW" title="28.2.10. pg_stat_ssl"> + <code class="structname">pg_stat_ssl</code></a>. + </p><p> + This extension won't build at all unless the installation was + configured with <code class="literal">--with-ssl=openssl</code>. + </p><div class="sect2" id="id-1.11.7.51.6"><div class="titlepage"><div><div><h3 class="title">F.42.1. Functions Provided</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term"> + <code class="function">ssl_is_used() returns boolean</code> + <a id="id-1.11.7.51.6.2.1.1.2" class="indexterm"></a> + </span></dt><dd><p> + Returns true if current connection to server uses SSL, and false + otherwise. + </p></dd><dt><span class="term"> + <code class="function">ssl_version() returns text</code> + <a id="id-1.11.7.51.6.2.2.1.2" class="indexterm"></a> + </span></dt><dd><p> + Returns the name of the protocol used for the SSL connection (e.g., TLSv1.0, + TLSv1.1, TLSv1.2 or TLSv1.3). + </p></dd><dt><span class="term"> + <code class="function">ssl_cipher() returns text</code> + <a id="id-1.11.7.51.6.2.3.1.2" class="indexterm"></a> + </span></dt><dd><p> + Returns the name of the cipher used for the SSL connection + (e.g., DHE-RSA-AES256-SHA). + </p></dd><dt><span class="term"> + <code class="function">ssl_client_cert_present() returns boolean</code> + <a id="id-1.11.7.51.6.2.4.1.2" class="indexterm"></a> + </span></dt><dd><p> + Returns true if current client has presented a valid SSL client + certificate to the server, and false otherwise. (The server + might or might not be configured to require a client certificate.) + </p></dd><dt><span class="term"> + <code class="function">ssl_client_serial() returns numeric</code> + <a id="id-1.11.7.51.6.2.5.1.2" class="indexterm"></a> + </span></dt><dd><p> + Returns serial number of current client certificate. The combination of + certificate serial number and certificate issuer is guaranteed to + uniquely identify a certificate (but not its owner — the owner + ought to regularly change their keys, and get new certificates from the + issuer). + </p><p> + So, if you run your own CA and allow only certificates from this CA to + be accepted by the server, the serial number is the most reliable (albeit + not very mnemonic) means to identify a user. + </p></dd><dt><span class="term"> + <code class="function">ssl_client_dn() returns text</code> + <a id="id-1.11.7.51.6.2.6.1.2" class="indexterm"></a> + </span></dt><dd><p> + Returns the full subject of the current client certificate, converting + character data into the current database encoding. It is assumed that + if you use non-ASCII characters in the certificate names, your + database is able to represent these characters, too. If your database + uses the SQL_ASCII encoding, non-ASCII characters in the name will be + represented as UTF-8 sequences. + </p><p> + The result looks like <code class="literal">/CN=Somebody /C=Some country/O=Some organization</code>. + </p></dd><dt><span class="term"> + <code class="function">ssl_issuer_dn() returns text</code> + <a id="id-1.11.7.51.6.2.7.1.2" class="indexterm"></a> + </span></dt><dd><p> + Returns the full issuer name of the current client certificate, converting + character data into the current database encoding. Encoding conversions + are handled the same as for <code class="function">ssl_client_dn</code>. + </p><p> + The combination of the return value of this function with the + certificate serial number uniquely identifies the certificate. + </p><p> + This function is really useful only if you have more than one trusted CA + certificate in your server's certificate authority file, or if this CA + has issued some intermediate certificate authority certificates. + </p></dd><dt><span class="term"> + <code class="function">ssl_client_dn_field(fieldname text) returns text</code> + <a id="id-1.11.7.51.6.2.8.1.2" class="indexterm"></a> + </span></dt><dd><p> + This function returns the value of the specified field in the + certificate subject, or NULL if the field is not present. + Field names are string constants that are converted into ASN1 object + identifiers using the <span class="productname">OpenSSL</span> object + database. The following values are acceptable: + </p><pre class="literallayout"> +commonName (alias CN) +surname (alias SN) +name +givenName (alias GN) +countryName (alias C) +localityName (alias L) +stateOrProvinceName (alias ST) +organizationName (alias O) +organizationalUnitName (alias OU) +title +description +initials +postalCode +streetAddress +generationQualifier +description +dnQualifier +x500UniqueIdentifier +pseudonym +role +emailAddress +</pre><p> + All of these fields are optional, except <code class="structfield">commonName</code>. + It depends + entirely on your CA's policy which of them would be included and which + wouldn't. The meaning of these fields, however, is strictly defined by + the X.500 and X.509 standards, so you cannot just assign arbitrary + meaning to them. + </p></dd><dt><span class="term"> + <code class="function">ssl_issuer_field(fieldname text) returns text</code> + <a id="id-1.11.7.51.6.2.9.1.2" class="indexterm"></a> + </span></dt><dd><p> + Same as <code class="function">ssl_client_dn_field</code>, but for the certificate issuer + rather than the certificate subject. + </p></dd><dt><span class="term"> + <code class="function">ssl_extension_info() returns setof record</code> + <a id="id-1.11.7.51.6.2.10.1.2" class="indexterm"></a> + </span></dt><dd><p> + Provide information about extensions of client certificate: extension name, + extension value, and if it is a critical extension. + </p></dd></dl></div></div><div class="sect2" id="id-1.11.7.51.7"><div class="titlepage"><div><div><h3 class="title">F.42.2. Author</h3></div></div></div><p> + Victor Wagner <code class="email"><<a class="email" href="mailto:vitus@cryptocom.ru">vitus@cryptocom.ru</a>></code>, Cryptocom LTD + </p><p> + Dmitry Voronin <code class="email"><<a class="email" href="mailto:carriingfate92@yandex.ru">carriingfate92@yandex.ru</a>></code> + </p><p> + E-Mail of Cryptocom OpenSSL development group: + <code class="email"><<a class="email" href="mailto:openssl@cryptocom.ru">openssl@cryptocom.ru</a>></code> + </p></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="contrib-spi.html" title="F.41. spi">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="contrib.html" title="Appendix F. Additional Supplied Modules">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="tablefunc.html" title="F.43. tablefunc">Next</a></td></tr><tr><td width="40%" align="left" valign="top">F.41. spi </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 15.5 Documentation">Home</a></td><td width="40%" align="right" valign="top"> F.43. tablefunc</td></tr></table></div></body></html>
\ No newline at end of file |