aboutsummaryrefslogtreecommitdiff
path: root/contrib/sslinfo/README.sslinfo
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/sslinfo/README.sslinfo')
-rw-r--r--contrib/sslinfo/README.sslinfo120
1 files changed, 0 insertions, 120 deletions
diff --git a/contrib/sslinfo/README.sslinfo b/contrib/sslinfo/README.sslinfo
deleted file mode 100644
index 5ce13f54f5c..00000000000
--- a/contrib/sslinfo/README.sslinfo
+++ /dev/null
@@ -1,120 +0,0 @@
-sslinfo - information about current SSL certificate for PostgreSQL
-==================================================================
-Author: Victor Wagner <vitus@cryptocom.ru>, Cryptocom LTD
-E-Mail of Cryptocom OpenSSL development group: <openssl@cryptocom.ru>
-
-
-1. Notes
---------
-This extension won't build unless your PostgreSQL server is configured
-with --with-openssl. Information provided with these functions would
-be completely useless if you don't use SSL to connect to database.
-
-
-2. Functions Description
-------------------------
-
-2.1. ssl_is_used()
-~~~~~~~~~~~~~~~~~~
-
- ssl_is_used() RETURNS boolean;
-
-Returns TRUE, if current connection to server uses SSL and FALSE
-otherwise.
-
-2.2. ssl_client_cert_present()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
- ssl_client_cert_present() RETURNS boolean
-
-Returns TRUE if current client have presented valid SSL client
-certificate to the server and FALSE otherwise (e.g., no SSL,
-certificate hadn't be requested by server).
-
-2.3. ssl_client_serial()
-~~~~~~~~~~~~~~~~~~~~~~~~
-
- ssl_client_serial() RETURNS numeric
-
-Returns serial number of current client certificate. The combination
-of certificate serial number and certificate issuer is guaranteed to
-uniquely identify certificate (but not its owner -- the owner ought to
-regularily change his keys, and get new certificates from the issuer).
-
-So, if you run you own CA and allow only certificates from this CA to
-be accepted by server, the serial number is the most reliable (albeit
-not very mnemonic) means to indentify user.
-
-2.4. ssl_client_dn()
-~~~~~~~~~~~~~~~~~~~~
-
- ssl_client_dn() RETURNS text
-
-Returns the full subject of current client certificate, converting
-character data into the current database encoding. It is assumed that
-if you use non-Latin characters in the certificate names, your
-database is able to represent these characters, too. If your database
-uses the SQL_ASCII encoding, non-Latin characters in the name will be
-represented as UTF-8 sequences.
-
-The result looks like '/CN=Somebody /C=Some country/O=Some organization'.
-
-2.5. ssl_issuer_dn()
-~~~~~~~~~~~~~~~~~~~~
-
-Returns the full issuer name of the client certificate, converting
-character data into current database encoding.
-
-The combination of the return value of this function with the
-certificate serial number uniquely identifies the certificate.
-
-The result of this function is really useful only if you have more
-than one trusted CA certificate in your server's root.crt file, or if
-this CA has issued some intermediate certificate authority
-certificates.
-
-2.6. ssl_client_dn_field()
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
- ssl_client_dn_field(fieldName text) RETURNS text
-
-This function returns the value of the specified field in the
-certificate subject. Field names are string constants that are
-converted into ASN1 object identificators using the OpenSSL object
-database. The following values are acceptable:
-
- commonName (alias CN)
- surname (alias SN)
- name
- givenName (alias GN)
- countryName (alias C)
- localityName (alias L)
- stateOrProvinceName (alias ST)
- organizationName (alias O)
- organizationUnitName (alias OU)
- title
- description
- initials
- postalCode
- streetAddress
- generationQualifier
- description
- dnQualifier
- x500UniqueIdentifier
- pseudonim
- role
- emailAddress
-
-All of these fields are optional, except commonName. It depends
-entirely on your CA policy which of them would be included and which
-wouldn't. The meaning of these fields, howeer, is strictly defined by
-the X.500 and X.509 standards, so you cannot just assign arbitrary
-meaning to them.
-
-2.7 ssl_issuer_field()
-~~~~~~~~~~~~~~~~~~~
-
- ssl_issuer_field(fieldName text) RETURNS text;
-
-Does same as ssl_client_dn_field, but for the certificate issuer
-rather than the certificate subject.