> On 20 Aug 2022, at 01:00, Cary Huang <cary.hu...@highgo.ca> wrote:
> I noticed that sslinfo extension does not have functions to return current > client certificate's notbefore and notafter timestamps which are also quite > important attributes in a X509 certificate. The attached patch adds 2 > functions to get notbefore and notafter timestamps from the currently > connected client certificate. Off the cuff that doesn't seem like a bad idea, but I wonder if we should add them to pg_stat_ssl (or both) instead if we deem them valuable? Re the patch, it would be nice to move the logic in ssl_client_get_notafter and the _notbefore counterpart to a static function since they are copies of eachother. -- Daniel Gustafsson https://vmware.com/
