On 01/26/2018 03:54 AM, Peter Eisentraut wrote:
On 1/25/18 20:10, Michael Paquier wrote:
Peter, could you change ssl_version() and ssl_cipher() in sslinfo at the
same time please? I think that those should use the generic backend-side
APIs as well. sslinfo depends heavily on OpenSSL, OK, but if possible
getting this code more generic will help users of sslinfo to get
something partially working with other SSL implementations natively.
sslinfo is currently entirely dependent on OpenSSL, so I don't think
it's useful to throw in one or two isolated API changes.
I'm thinking maybe we should get rid of sslinfo and fold everything into
pg_stat_ssl.
I think sslinfo should either use the pg_tls_get_* functions or be
removed. I do not like having an OpenSSL specific extension. One issue
though is that pg_tls_get_* truncates strings to a given length while
sslinfo allocates a copy and is therefore only limited by the maximum
size of text, but this may not be an issue in practice.
Andreas
