From 9029f4b37406b21abb7516a2fd5643e0961810f8 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Sun, 12 Apr 2015 19:07:46 +0200
Subject: Add system view pg_stat_ssl

This view shows information about all connections, such as if the
connection is using SSL, which cipher is used, and which client
certificate (if any) is used.

Reviews by Alex Shulgin, Heikki Linnakangas, Andres Freund & Michael Paquier
---
 src/backend/utils/adt/pgstatfuncs.c | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

(limited to 'src/backend/utils/adt/pgstatfuncs.c')

diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c
index 78adb2d853c..bbe94c34a15 100644
--- a/src/backend/utils/adt/pgstatfuncs.c
+++ b/src/backend/utils/adt/pgstatfuncs.c
@@ -538,7 +538,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 
 		oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
 
-		tupdesc = CreateTemplateTupleDesc(16, false);
+		tupdesc = CreateTemplateTupleDesc(22, false);
 		TupleDescInitEntry(tupdesc, (AttrNumber) 1, "datid",
 						   OIDOID, -1, 0);
 		TupleDescInitEntry(tupdesc, (AttrNumber) 2, "pid",
@@ -571,6 +571,18 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 						   XIDOID, -1, 0);
 		TupleDescInitEntry(tupdesc, (AttrNumber) 16, "backend_xmin",
 						   XIDOID, -1, 0);
+		TupleDescInitEntry(tupdesc, (AttrNumber) 17, "ssl",
+						   BOOLOID, -1, 0);
+		TupleDescInitEntry(tupdesc, (AttrNumber) 18, "sslversion",
+						   TEXTOID, -1, 0);
+		TupleDescInitEntry(tupdesc, (AttrNumber) 19, "sslcipher",
+						   TEXTOID, -1, 0);
+		TupleDescInitEntry(tupdesc, (AttrNumber) 20, "sslbits",
+						   INT4OID, -1, 0);
+		TupleDescInitEntry(tupdesc, (AttrNumber) 21, "sslcompression",
+						   BOOLOID, -1, 0);
+		TupleDescInitEntry(tupdesc, (AttrNumber) 22, "sslclientdn",
+						   TEXTOID, -1, 0);
 
 		funcctx->tuple_desc = BlessTupleDesc(tupdesc);
 
@@ -622,8 +634,8 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 	if (funcctx->call_cntr < funcctx->max_calls)
 	{
 		/* for each row */
-		Datum		values[16];
-		bool		nulls[16];
+		Datum		values[22];
+		bool		nulls[22];
 		HeapTuple	tuple;
 		LocalPgBackendStatus *local_beentry;
 		PgBackendStatus *beentry;
@@ -676,6 +688,21 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 		else
 			nulls[15] = true;
 
+		if (beentry->st_ssl)
+		{
+			values[16] = BoolGetDatum(true); /* ssl */
+			values[17] = CStringGetTextDatum(beentry->st_sslstatus->ssl_version);
+			values[18] = CStringGetTextDatum(beentry->st_sslstatus->ssl_cipher);
+			values[19] = Int32GetDatum(beentry->st_sslstatus->ssl_bits);
+			values[20] = BoolGetDatum(beentry->st_sslstatus->ssl_compression);
+			values[21] = CStringGetTextDatum(beentry->st_sslstatus->ssl_clientdn);
+		}
+		else
+		{
+			values[16] = BoolGetDatum(false); /* ssl */
+			nulls[17] = nulls[18] = nulls[19] = nulls[20] = nulls[21] = true;
+		}
+
 		/* Values only available to role member */
 		if (has_privs_of_role(GetUserId(), beentry->st_userid))
 		{
-- 
cgit v1.2.3