On 04.05.22 01:05, Jacob Champion wrote:
On Tue, 2022-05-03 at 21:06 +0200, Peter Eisentraut wrote:
The information in pg_stat_ssl is limited to NAMEDATALEN (see struct
PgBackendSSLStatus).
It might make sense to align what your patch prints to identify
certificates with what is shown in that view.
Sure, a max length should be easy enough to do. Is there a reason to
limit to NAMEDATALEN specifically? I was under the impression that we
would rather not have had that limitation in the stats framework, if we
could have avoided it. (In particular I think NAMEDATALEN will cut off
the longest possible Common Name by just five bytes.)
Just saying that cutting it off appears to be acceptable. A bit more
than 63 bytes should be okay for the log.
In terms of aligning what is printed, I meant that pg_stat_ssl uses the
issuer plus serial number to identify the certificate unambiguously.
