On 01/26/2018 03:54 AM, Peter Eisentraut wrote:
> On 1/25/18 20:10, Michael Paquier wrote:
>> Peter, could you change ssl_version() and ssl_cipher() in sslinfo at the
>> same time please? I think that those should use the generic backend-side
>> APIs as well. sslinfo depends heavily on OpenSSL, OK, but if possible
>> getting this code more generic will help users of sslinfo to get
>> something partially working with other SSL implementations natively.
>
> sslinfo is currently entirely dependent on OpenSSL, so I don't think
> it's useful to throw in one or two isolated API changes.
>
> I'm thinking maybe we should get rid of sslinfo and fold everything into
> pg_stat_ssl.
I think sslinfo should either use the pg_tls_get_* functions or be
removed. I do not like having an OpenSSL specific extension. One issue
though is that pg_tls_get_* truncates strings to a given length while
sslinfo allocates a copy and is therefore only limited by the maximum
size of text, but this may not be an issue in practice.
Andreas