Contrib module to examine client certificate

Started by Victor B. Wagner over 19 years ago, 17 messages
#1 Victor B. Wagner
vitus@cryptocom.ru
1 attachment(s)

The following patch provides a new contrib module, pgsslinfo, which contains
several server-side functions that allow examining information about the
SSL client certificate used to connect to the server.

This information can be used, for example, for logging user access.

Textual information from the certificate's distinguished name is converted
into the current database charset, which allows non-Latin characters in the
names to be readable.

The module was developed using the latest stable version of OpenSSL (0.9.8b).
It should probably work with the previous stable version of OpenSSL
(0.9.7something), which is still widely used, or even with the outdated
version 0.9.6, but I haven't tested it.

The module requires access to the PostgreSQL variable MyProcPort, which is not
declared DLLIMPORT in the appropriate header file (miscadmin.h).
So this patch includes a one-line patch to this header file, to allow the
module to compile and work under win32.

Attachments:

pgsslinfo.diff.gz (application/octet-stream)
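
An added example, not part of the original post or the submitted patch: one way to use the module for the access logging the message mentions. It assumes the sslinfo extension as shipped with current PostgreSQL (11 or later for EXECUTE FUNCTION) and its functions ssl_is_used(), ssl_client_cert_present(), ssl_client_serial(), ssl_client_dn() and ssl_issuer_dn(); the table, function and trigger names are hypothetical.

```sql
-- Added example; access_audit, payments and log_cert_identity are hypothetical names.
CREATE EXTENSION IF NOT EXISTS sslinfo;

-- Sample table standing in for data whose changes should be attributable.
CREATE TABLE payments (
    id     bigserial PRIMARY KEY,
    amount numeric(12,2) NOT NULL
);

-- One row per audited statement, tied to the TLS identity of the session.
CREATE TABLE access_audit (
    logged_at    timestamptz NOT NULL DEFAULT now(),
    db_user      text        NOT NULL,
    client_addr  inet,                  -- NULL for Unix-socket connections
    tls_used     boolean     NOT NULL,
    cert_present boolean     NOT NULL,
    cert_serial  numeric,               -- unique only per issuer, so store both
    cert_subject text,
    cert_issuer  text,
    action       text        NOT NULL
);

CREATE FUNCTION log_cert_identity() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    INSERT INTO access_audit
        (db_user, client_addr, tls_used, cert_present,
         cert_serial, cert_subject, cert_issuer, action)
    VALUES
        (session_user, inet_client_addr(), ssl_is_used(),
         ssl_client_cert_present(),
         ssl_client_serial(),   -- NULL when no client certificate was sent
         ssl_client_dn(),
         ssl_issuer_dn(),
         TG_TABLE_NAME || ':' || TG_OP);
    RETURN NULL;                -- return value is ignored for AFTER ... STATEMENT
END;
$$;

CREATE TRIGGER payments_cert_audit
    AFTER INSERT OR UPDATE OR DELETE ON payments
    FOR EACH STATEMENT EXECUTE FUNCTION log_cert_identity();

-- Review query: changes made over sessions that presented no client certificate.
SELECT logged_at, db_user, client_addr, action
FROM access_audit
WHERE NOT cert_present
ORDER BY logged_at DESC;
```

The trigger function runs with the privileges of the role executing the statement, so that role needs INSERT (and should not have UPDATE or DELETE) on access_audit.
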
#2 Bruce Momjian
bruce@momjian.us
In reply to: Victor B. Wagner (#1)
Re: Contrib module to examine client certificate

This seems like a nice /contrib module.

Your patch has been added to the PostgreSQL unapplied patches list at:

http://momjian.postgresql.org/cgi-bin/pgpatches

It will be applied as soon as one of the PostgreSQL committers reviews
and approves it.

---------------------------------------------------------------------------

Victor B. Wagner wrote:
> The following patch provides a new contrib module, pgsslinfo, which contains
> several server-side functions that allow examining information about the
> SSL client certificate used to connect to the server.
>
> This information can be used, for example, for logging user access.
>
> Textual information from the certificate's distinguished name is converted
> into the current database charset, which allows non-Latin characters in the
> names to be readable.
>
> The module was developed using the latest stable version of OpenSSL (0.9.8b).
> It should probably work with the previous stable version of OpenSSL
> (0.9.7something), which is still widely used, or even with the outdated
> version 0.9.6, but I haven't tested it.
>
> The module requires access to the PostgreSQL variable MyProcPort, which is not
> declared DLLIMPORT in the appropriate header file (miscadmin.h).
> So this patch includes a one-line patch to this header file, to allow the
> module to compile and work under win32.
>
> [ Attachment, skipping... ]

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#3 Peter Eisentraut
peter_e@gmx.net
In reply to: Bruce Momjian (#2)
1 attachment(s)
Re: [PATCHES] Contrib module to examine client certificate

On Tuesday, 22 August 2006 02:52, Bruce Momjian wrote:
> This seems like a nice /contrib module.
>
> Your patch has been added to the PostgreSQL unapplied patches list at:
>
> http://momjian.postgresql.org/cgi-bin/pgpatches
>
> It will be applied as soon as one of the PostgreSQL committers reviews
> and approves it.

I have cleaned up this patch a little. I have changed all the function
signatures from varchar to text, fixed up the formatting and packaging a
little, and renamed it to just "sslinfo".

Note to the author: Whitespace is free. Use it. :)

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

Attachments:

sslinfo.diff.bz2 (application/x-bzip2)
#4 Bruce Momjian
bruce@momjian.us
In reply to: Victor B. Wagner (#1)
Re: Contrib module to examine client certificate

I assume this is something we want in /contrib, right?

---------------------------------------------------------------------------

Victor B. Wagner wrote:
> The following patch provides a new contrib module, pgsslinfo, which contains
> several server-side functions that allow examining information about the
> SSL client certificate used to connect to the server.
>
> This information can be used, for example, for logging user access.
>
> Textual information from the certificate's distinguished name is converted
> into the current database charset, which allows non-Latin characters in the
> names to be readable.
>
> The module was developed using the latest stable version of OpenSSL (0.9.8b).
> It should probably work with the previous stable version of OpenSSL
> (0.9.7something), which is still widely used, or even with the outdated
> version 0.9.6, but I haven't tested it.
>
> The module requires access to the PostgreSQL variable MyProcPort, which is not
> declared DLLIMPORT in the appropriate header file (miscadmin.h).
> So this patch includes a one-line patch to this header file, to allow the
> module to compile and work under win32.
>
> [ Attachment, skipping... ]

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#5 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Bruce Momjian (#4)
Re: Contrib module to examine client certificate

Bruce Momjian <bruce@momjian.us> writes:
> I assume this is something we want in /contrib, right?

Peter posted an updated version, I believe.

regards, tom lane

#6 Bruce Momjian
bruce@momjian.us
In reply to: Tom Lane (#5)
Re: [HACKERS] Contrib module to examine client

Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > I assume this is something we want in /contrib, right?
>
> Peter posted an updated version, I believe.

Ah, it was lower in my mailbox. Thanks.

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#7 Bruce Momjian
bruce@momjian.us
In reply to: Peter Eisentraut (#3)
Re: [PATCHES] Contrib module to examine client

Uh, I have a problem with the README copyright:

	+sslinfo - information about current SSL certificate for PostgreSQL
	+==================================================================
	+Copyright (c) 2006 Cryptocom LTD
	+Author: Victor Wagner <vitus@cryptocom.ru>
	+E-Mail of Cryptocom OpenSSL development group: <openssl@cryptocom.ru>

The copyright has to be removed so it can be copyrighted by the
PostgreSQL Global Development Group. Is that OK? We can still keep
your name and company at the top.

If not, it should be placed on pgfoundry or another site.

---------------------------------------------------------------------------

Peter Eisentraut wrote:
> On Tuesday, 22 August 2006 02:52, Bruce Momjian wrote:
> > This seems like a nice /contrib module.
> >
> > Your patch has been added to the PostgreSQL unapplied patches list at:
> >
> > http://momjian.postgresql.org/cgi-bin/pgpatches
> >
> > It will be applied as soon as one of the PostgreSQL committers reviews
> > and approves it.
>
> I have cleaned up this patch a little. I have changed all the function
> signatures from varchar to text, fixed up the formatting and packaging a
> little, and renamed it to just "sslinfo".
>
> Note to the author: Whitespace is free. Use it. :)
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
>
> [ Attachment, skipping... ]

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#8 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Bruce Momjian (#7)
Re: [PATCHES] Contrib module to examine client

Bruce Momjian <bruce@momjian.us> writes:
> Uh, I have a problem with the README copyright:
> +sslinfo - information about current SSL certificate for PostgreSQL
> +==================================================================
> +Copyright (c) 2006 Cryptocom LTD

Speaking of which, has anyone checked the copyrights on the other
proposed-for-inclusion contrib modules?

regards, tom lane

#9 Bruce Momjian
bruce@momjian.us
In reply to: Tom Lane (#8)
Re: [PATCHES] Contrib module to examine client

Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Uh, I have a problem with the README copyright:
> > +sslinfo - information about current SSL certificate for PostgreSQL
> > +==================================================================
> > +Copyright (c) 2006 Cryptocom LTD
>
> Speaking of which, has anyone checked the copyrights on the other
> proposed-for-inclusion contrib modules?

Uh, what other ones? I see none in the patch queue.

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#10 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Bruce Momjian (#9)
Re: [PATCHES] Contrib module to examine client

Bruce Momjian <bruce@momjian.us> writes:
> Tom Lane wrote:
> > Speaking of which, has anyone checked the copyrights on the other
> > proposed-for-inclusion contrib modules?
>
> Uh, what other ones? I see none in the patch queue.

http://archives.postgresql.org/pgsql-hackers/2006-09/msg00050.php

regards, tom lane

#11 Bruce Momjian
bruce@momjian.us
In reply to: Tom Lane (#10)
Re: [PATCHES] Contrib module to examine client

Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Tom Lane wrote:
> > > Speaking of which, has anyone checked the copyrights on the other
> > > proposed-for-inclusion contrib modules?
> >
> > Uh, what other ones? I see none in the patch queue.
>
> http://archives.postgresql.org/pgsql-hackers/2006-09/msg00050.php

OK, I see:

* new ISBN/etc module
* hstore (finally proposed for inclusion)
* new sslinfo module
* pgstattuple changes
* removing the deadwood

The new ISBN is the only open one. hstore hasn't had enough requests
for inclusion. sslinfo I got approval from the author today to remove
the notice. pgstattuple had no new copyright mention.

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#12 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Bruce Momjian (#11)
Re: [PATCHES] Contrib module to examine client

Bruce Momjian <bruce@momjian.us> writes:
> Tom Lane wrote:
> > Speaking of which, has anyone checked the copyrights on the other
> > proposed-for-inclusion contrib modules?
>
> The new ISBN is the only open one. hstore hasn't had enough requests
> for inclusion.

Really? A quick search of the archives shows three different threads
requesting its inclusion within the past two months. What's your
definition of "enough requests"? I note that sslinfo has exactly zero
prior requests for inclusion, so I'm not sure how it got by your filter.

regards, tom lane

#13 Stefan Kaltenbrunner
stefan@kaltenbrunner.cc
In reply to: Bruce Momjian (#11)
Re: [PATCHES] Contrib module to examine client

Bruce Momjian wrote:
> Tom Lane wrote:
> > Bruce Momjian <bruce@momjian.us> writes:
> > > Tom Lane wrote:
> > > > Speaking of which, has anyone checked the copyrights on the other
> > > > proposed-for-inclusion contrib modules?
> > >
> > > Uh, what other ones? I see none in the patch queue.
> >
> > http://archives.postgresql.org/pgsql-hackers/2006-09/msg00050.php
>
> OK, I see:
>
> * new ISBN/etc module
> * hstore (finally proposed for inclusion)
> * new sslinfo module
> * pgstattuple changes
> * removing the deadwood
>
> The new ISBN is the only open one. hstore hasn't had enough requests
> for inclusion. sslinfo I got approval from the author today to remove
> the notice. pgstattuple had no new copyright mention.

We do actually get the occasional question about why hstore is not at
least in contrib on IRC.
I guess some of those questions might be the result of the
confusing (wrong) wording on the website which says "Stable version,
included into PostgreSQL distribution, released under BSD license" on
http://www.sai.msu.su/~megera/oddmuse/index.cgi?Hstore .

So there is definitely some real-world demand for hstore (at least on
IRC much more than ISBN for example).

Stefan

#14 Bruce Momjian
bruce@momjian.us
In reply to: Tom Lane (#12)
Re: [PATCHES] Contrib module to examine client

Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Tom Lane wrote:
> > > Speaking of which, has anyone checked the copyrights on the other
> > > proposed-for-inclusion contrib modules?
> >
> > The new ISBN is the only open one. hstore hasn't had enough requests
> > for inclusion.
>
> Really? A quick search of the archives shows three different threads
> requesting its inclusion within the past two months. What's your
> definition of "enough requests"? I note that sslinfo has exactly zero
> prior requests for inclusion, so I'm not sure how it got by your filter.

As I remember, hstore had questions because its documentation
incorrectly stated it was in the PostgreSQL core distribution. If
people want hstore, that's fine with me.

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#15 Bruce Momjian
bruce@momjian.us
In reply to: Stefan Kaltenbrunner (#13)
Re: [PATCHES] Contrib module to examine client

Stefan Kaltenbrunner wrote:
> Bruce Momjian wrote:
> > Tom Lane wrote:
> > > Bruce Momjian <bruce@momjian.us> writes:
> > > > Tom Lane wrote:
> > > > > Speaking of which, has anyone checked the copyrights on the other
> > > > > proposed-for-inclusion contrib modules?
> > > >
> > > > Uh, what other ones? I see none in the patch queue.
> > >
> > > http://archives.postgresql.org/pgsql-hackers/2006-09/msg00050.php
> >
> > OK, I see:
> >
> > * new ISBN/etc module
> > * hstore (finally proposed for inclusion)
> > * new sslinfo module
> > * pgstattuple changes
> > * removing the deadwood
> >
> > The new ISBN is the only open one. hstore hasn't had enough requests
> > for inclusion. sslinfo I got approval from the author today to remove
> > the notice. pgstattuple had no new copyright mention.
>
> We do actually get the occasional question about why hstore is not at
> least in contrib on IRC.
> I guess some of those questions might be the result of the
> confusing (wrong) wording on the website which says "Stable version,
> included into PostgreSQL distribution, released under BSD license" on
> http://www.sai.msu.su/~megera/oddmuse/index.cgi?Hstore .
>
> So there is definitely some real-world demand for hstore (at least on
> IRC much more than ISBN for example).

OK, I will track that as an 8.2 open item then.

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#16 Bruce Momjian
bruce@momjian.us
In reply to: Peter Eisentraut (#3)
Re: [PATCHES] Contrib module to examine client

Patch has applied this patch. Thanks.

---------------------------------------------------------------------------

Peter Eisentraut wrote:
> On Tuesday, 22 August 2006 02:52, Bruce Momjian wrote:
> > This seems like a nice /contrib module.
> >
> > Your patch has been added to the PostgreSQL unapplied patches list at:
> >
> > http://momjian.postgresql.org/cgi-bin/pgpatches
> >
> > It will be applied as soon as one of the PostgreSQL committers reviews
> > and approves it.
>
> I have cleaned up this patch a little. I have changed all the function
> signatures from varchar to text, fixed up the formatting and packaging a
> little, and renamed it to just "sslinfo".
>
> Note to the author: Whitespace is free. Use it. :)
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
>
> [ Attachment, skipping... ]

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

#17 Bruce Momjian
bruce@momjian.us
In reply to: Bruce Momjian (#16)
Re: [PATCHES] Contrib module to examine client

Bruce Momjian wrote:
> Patch has applied this patch. Thanks.

Sorry typo:

Peter has applied this patch. Thanks.

---------------------------------------------------------------------------

Peter Eisentraut wrote:
> On Tuesday, 22 August 2006 02:52, Bruce Momjian wrote:
> > This seems like a nice /contrib module.
> >
> > Your patch has been added to the PostgreSQL unapplied patches list at:
> >
> > http://momjian.postgresql.org/cgi-bin/pgpatches
> >
> > It will be applied as soon as one of the PostgreSQL committers reviews
> > and approves it.
>
> I have cleaned up this patch a little. I have changed all the function
> signatures from varchar to text, fixed up the formatting and packaging a
> little, and renamed it to just "sslinfo".
>
> Note to the author: Whitespace is free. Use it. :)
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
>
> [ Attachment, skipping... ]

--
Bruce Momjian bruce@momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +