<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>F.37. sslinfo</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="contrib-spi.html" title="F.36. spi" /><link rel="next" href="tablefunc.html" title="F.38. tablefunc" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">F.37. sslinfo</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="contrib-spi.html" title="F.36. spi">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="contrib.html" title="Appendix F. Additional Supplied Modules">Up</a></td><th width="60%" align="center">Appendix F. Additional Supplied Modules</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="tablefunc.html" title="F.38. tablefunc">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="SSLINFO"><div class="titlepage"><div><div><h2 class="title" style="clear: both">F.37. sslinfo</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="sect2"><a href="sslinfo.html#id-1.11.7.46.6">F.37.1. Functions Provided</a></span></dt><dt><span class="sect2"><a href="sslinfo.html#id-1.11.7.46.7">F.37.2. Author</a></span></dt></dl></div><a id="id-1.11.7.46.2" class="indexterm"></a><p>
The <code class="filename">sslinfo</code> module provides information about the SSL
certificate that the current client provided when connecting to
<span class="productname">PostgreSQL</span>. The module is useless (most functions
will return NULL) if the current connection does not use SSL.
</p><p>
Some of the information available through this module can also be obtained
using the built-in system view <a class="xref" href="monitoring-stats.html#PG-STAT-SSL-VIEW" title="Table 27.8. pg_stat_ssl View">pg_stat_ssl</a>.
</p><p>
This extension won't build at all unless the installation was
configured with <code class="literal">--with-openssl</code>.
</p><div class="sect2" id="id-1.11.7.46.6"><div class="titlepage"><div><div><h3 class="title">F.37.1. Functions Provided</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<code class="function">ssl_is_used() returns boolean</code>
<a id="id-1.11.7.46.6.2.1.1.2" class="indexterm"></a>
</span></dt><dd><p>
Returns true if the current connection to the server uses SSL, and false
otherwise.
</p></dd><dt><span class="term">
<code class="function">ssl_version() returns text</code>
<a id="id-1.11.7.46.6.2.2.1.2" class="indexterm"></a>
</span></dt><dd><p>
Returns the name of the protocol used for the SSL connection (e.g. TLSv1.0,
TLSv1.1, or TLSv1.2).
</p></dd><dt><span class="term">
<code class="function">ssl_cipher() returns text</code>
<a id="id-1.11.7.46.6.2.3.1.2" class="indexterm"></a>
</span></dt><dd><p>
Returns the name of the cipher used for the SSL connection
(e.g. DHE-RSA-AES256-SHA).
</p></dd><dt><span class="term">
<code class="function">ssl_client_cert_present() returns boolean</code>
<a id="id-1.11.7.46.6.2.4.1.2" class="indexterm"></a>
</span></dt><dd><p>
Returns true if the current client has presented a valid SSL client
certificate to the server, and false otherwise. (The server
might or might not be configured to require a client certificate.)
</p></dd><dt><span class="term">
<code class="function">ssl_client_serial() returns numeric</code>
<a id="id-1.11.7.46.6.2.5.1.2" class="indexterm"></a>
</span></dt><dd><p>
Returns the serial number of the current client certificate. The combination of
certificate serial number and certificate issuer is guaranteed to
uniquely identify a certificate (but not its owner — the owner
ought to regularly change their keys, and get new certificates from the
issuer).
</p><p>
So, if you run your own CA and allow only certificates from this CA to
be accepted by the server, the serial number is the most reliable (albeit
not very mnemonic) means to identify a user.
</p></dd><dt><span class="term">
<code class="function">ssl_client_dn() returns text</code>
<a id="id-1.11.7.46.6.2.6.1.2" class="indexterm"></a>
</span></dt><dd><p>
Returns the full subject of the current client certificate, converting
character data into the current database encoding. It is assumed that
if you use non-ASCII characters in the certificate names, your
database is able to represent these characters, too. If your database
uses the SQL_ASCII encoding, non-ASCII characters in the name will be
represented as UTF-8 sequences.
</p><p>
The result looks like <code class="literal">/CN=Somebody /C=Some country/O=Some organization</code>.
</p></dd><dt><span class="term">
<code class="function">ssl_issuer_dn() returns text</code>
<a id="id-1.11.7.46.6.2.7.1.2" class="indexterm"></a>
</span></dt><dd><p>
Returns the full issuer name of the current client certificate, converting
character data into the current database encoding. Encoding conversions
are handled the same as for <code class="function">ssl_client_dn</code>.
</p><p>
The combination of the return value of this function with the
certificate serial number uniquely identifies the certificate.
</p><p>
This function is really useful only if you have more than one trusted CA
certificate in your server's certificate authority file, or if this CA
has issued some intermediate certificate authority certificates.
</p></dd><dt><span class="term">
<code class="function">ssl_client_dn_field(fieldname text) returns text</code>
<a id="id-1.11.7.46.6.2.8.1.2" class="indexterm"></a>
</span></dt><dd><p>
This function returns the value of the specified field in the
certificate subject, or NULL if the field is not present.
Field names are string constants that are
converted into ASN.1 object identifiers using the OpenSSL object
database. The following values are acceptable:
</p><pre class="literallayout">
commonName (alias CN)
surname (alias SN)
name
givenName (alias GN)
countryName (alias C)
localityName (alias L)
stateOrProvinceName (alias ST)
organizationName (alias O)
organizationalUnitName (alias OU)
title
description
initials
postalCode
streetAddress
generationQualifier
dnQualifier
x500UniqueIdentifier
pseudonym
role
emailAddress
</pre><p>
All of these fields are optional, except <code class="structfield">commonName</code>.
Which of them are included depends
entirely on your CA's policy.
The meaning of these fields, however, is strictly defined by
the X.500 and X.509 standards, so you cannot just assign arbitrary
meaning to them.
</p></dd><dt><span class="term">
<code class="function">ssl_issuer_field(fieldname text) returns text</code>
<a id="id-1.11.7.46.6.2.9.1.2" class="indexterm"></a>
</span></dt><dd><p>
Same as <code class="function">ssl_client_dn_field</code>, but for the certificate issuer
rather than the certificate subject.
</p></dd><dt><span class="term">
<code class="function">ssl_extension_info() returns setof record</code>
<a id="id-1.11.7.46.6.2.10.1.2" class="indexterm"></a>
</span></dt><dd><p>
Provides information about the extensions of the client certificate: extension name,
extension value, and whether it is a critical extension.
</p></dd></dl></div></div><div class="sect2" id="id-1.11.7.46.7"><div class="titlepage"><div><div><h3 class="title">F.37.2. Author</h3></div></div></div><p>
Victor Wagner <code class="email">&lt;<a class="email" href="mailto:vitus@cryptocom.ru">vitus@cryptocom.ru</a>&gt;</code>, Cryptocom LTD
</p><p>
Dmitry Voronin <code class="email">&lt;<a class="email" href="mailto:carriingfate92@yandex.ru">carriingfate92@yandex.ru</a>&gt;</code>
</p><p>
E-Mail of Cryptocom OpenSSL development group:
<code class="email">&lt;<a class="email" href="mailto:openssl@cryptocom.ru">openssl@cryptocom.ru</a>&gt;</code>
</p></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="contrib-spi.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="contrib.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="tablefunc.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">F.36. spi </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> F.38. tablefunc</td></tr></table></div></body></html>
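An added example, not part of the PostgreSQL documentation: one way to use the functions described above to pin client certificates by the (issuer DN, serial number) pair and to record the TLS parameters of a session. The tables cert_allowlist and conn_audit and the function current_cert_user are hypothetical names chosen for illustration.

```sql
-- Added example: cert_allowlist, conn_audit and current_cert_user
-- are hypothetical names and not part of sslinfo.
CREATE EXTENSION IF NOT EXISTS sslinfo;

-- Pin certificates by (issuer DN, serial): the pair that uniquely
-- identifies a certificate. The subject DN alone does not, because a
-- renewed certificate usually keeps the subject but gets a new serial.
CREATE TABLE cert_allowlist (
    issuer_dn text    NOT NULL,
    serial    numeric NOT NULL,
    app_user  text    NOT NULL,
    PRIMARY KEY (issuer_dn, serial)
);

CREATE TABLE conn_audit (
    logged_at   timestamptz NOT NULL DEFAULT now(),
    db_role     text        NOT NULL DEFAULT session_user,
    tls_version text,
    tls_cipher  text,
    subject_cn  text,
    issuer_dn   text,
    serial      numeric
);

-- Resolve the current session to an application user, failing closed
-- when the connection is not SSL or carries no client certificate.
CREATE FUNCTION current_cert_user() RETURNS text
LANGUAGE plpgsql STABLE AS $$
DECLARE
    v_user text;
BEGIN
    IF ssl_is_used() IS NOT TRUE OR ssl_client_cert_present() IS NOT TRUE THEN
        RAISE EXCEPTION 'SSL client certificate required';
    END IF;
    SELECT a.app_user INTO v_user
      FROM cert_allowlist a
     WHERE a.issuer_dn = ssl_issuer_dn()
       AND a.serial    = ssl_client_serial();
    IF v_user IS NULL THEN
        RAISE EXCEPTION 'certificate % from % is not on the allowlist',
            ssl_client_serial(), ssl_issuer_dn();
    END IF;
    RETURN v_user;
END $$;

-- Record what this session negotiated and which certificate it presented.
INSERT INTO conn_audit (tls_version, tls_cipher, subject_cn, issuer_dn, serial)
VALUES (ssl_version(), ssl_cipher(), ssl_client_dn_field('commonName'),
        ssl_issuer_dn(), ssl_client_serial());
```

On a connection without SSL the audit row stores NULL in every certificate column, which matches the module's documented behaviour of returning NULL from most functions.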