14
14
#include <openssl/asn1.h>
15
15
16
16
#include "access/htup_details.h"
17
- #include "common/int.h"
18
17
#include "funcapi.h"
19
18
#include "libpq/libpq-be.h"
20
19
#include "miscadmin.h"
21
20
#include "utils/builtins.h"
22
- #include "utils/timestamp.h"
23
21
24
22
/*
25
23
* On Windows, <wincrypt.h> includes a #define for X509_NAME, which breaks our
@@ -36,7 +34,6 @@ PG_MODULE_MAGIC;
36
34
37
35
static Datum X509_NAME_field_to_text (X509_NAME * name , text * fieldName );
38
36
static Datum ASN1_STRING_to_text (ASN1_STRING * str );
39
- static Datum ASN1_TIME_to_timestamptz (ASN1_TIME * time );
40
37
41
38
/*
42
39
* Function context for data persisting over repeated calls.
@@ -228,66 +225,6 @@ X509_NAME_field_to_text(X509_NAME *name, text *fieldName)
228
225
}
229
226
230
227
231
- /*
232
- * Converts OpenSSL ASN1_TIME structure into timestamptz
233
- *
234
- * OpenSSL 1.0.2 doesn't expose a function to convert an ASN1_TIME to a tm
235
- * struct, it's only available in 1.1.1 and onwards. Instead we can ask for the
236
- * difference between the ASN1_TIME and a known timestamp and get the actual
237
- * timestamp that way. Until support for OpenSSL 1.0.2 is retired we have to do
238
- * it this way.
239
- *
240
- * Parameter: time - OpenSSL ASN1_TIME structure.
241
- * Returns Datum, which can be directly returned from a C language SQL
242
- * function.
243
- */
244
- static Datum
245
- ASN1_TIME_to_timestamptz (ASN1_TIME * ASN1_cert_ts )
246
- {
247
- int days ;
248
- int seconds ;
249
- const char postgres_epoch [] = "20000101000000Z" ;
250
- ASN1_TIME * ASN1_epoch ;
251
- int64 result_days ;
252
- int64 result_secs ;
253
- int64 result ;
254
-
255
- /* Create an epoch to compare against */
256
- ASN1_epoch = ASN1_TIME_new ();
257
- if (!ASN1_epoch )
258
- ereport (ERROR ,
259
- (errcode (ERRCODE_OUT_OF_MEMORY ),
260
- errmsg ("could not allocate memory for ASN1 TIME structure" )));
261
-
262
- /* Calculate the diff from the epoch to the certificate timestamp */
263
- if (!ASN1_TIME_set_string (ASN1_epoch , postgres_epoch ) ||
264
- !ASN1_TIME_diff (& days , & seconds , ASN1_epoch , ASN1_cert_ts ))
265
- ereport (ERROR ,
266
- (errcode (ERRCODE_INVALID_PARAMETER_VALUE ),
267
- errmsg ("failed to read certificate validity" )));
268
-
269
- /*
270
- * Unlike when freeing other OpenSSL memory structures, there is no error
271
- * return on freeing ASN1 strings.
272
- */
273
- ASN1_TIME_free (ASN1_epoch );
274
-
275
- /*
276
- * Convert the reported date into usecs to be used as a TimestampTz. The
277
- * date should really not overflow an int64 but rather than trusting the
278
- * certificate we take overflow into consideration.
279
- */
280
- if (pg_mul_s64_overflow (days , USECS_PER_DAY , & result_days ) ||
281
- pg_mul_s64_overflow (seconds , USECS_PER_SEC , & result_secs ) ||
282
- pg_add_s64_overflow (result_days , result_secs , & result ))
283
- {
284
- return TimestampTzGetDatum (0 );
285
- }
286
-
287
- return TimestampTzGetDatum (result );
288
- }
289
-
290
-
291
228
/*
292
229
* Returns specified field of client certificate distinguished name
293
230
*
@@ -545,35 +482,3 @@ ssl_extension_info(PG_FUNCTION_ARGS)
545
482
/* All done */
546
483
SRF_RETURN_DONE (funcctx );
547
484
}
548
-
549
- /*
550
- * Returns current client certificate notBefore timestamp in
551
- * timestamptz data type
552
- */
553
- PG_FUNCTION_INFO_V1 (ssl_client_get_notbefore );
554
- Datum
555
- ssl_client_get_notbefore (PG_FUNCTION_ARGS )
556
- {
557
- X509 * cert = MyProcPort -> peer ;
558
-
559
- if (!MyProcPort -> ssl_in_use || !MyProcPort -> peer_cert_valid )
560
- PG_RETURN_NULL ();
561
-
562
- return ASN1_TIME_to_timestamptz (X509_get_notBefore (cert ));
563
- }
564
-
565
- /*
566
- * Returns current client certificate notAfter timestamp in
567
- * timestamptz data type
568
- */
569
- PG_FUNCTION_INFO_V1 (ssl_client_get_notafter );
570
- Datum
571
- ssl_client_get_notafter (PG_FUNCTION_ARGS )
572
- {
573
- X509 * cert = MyProcPort -> peer ;
574
-
575
- if (!MyProcPort -> ssl_in_use || !MyProcPort -> peer_cert_valid )
576
- PG_RETURN_NULL ();
577
-
578
- return ASN1_TIME_to_timestamptz (X509_get_notAfter (cert ));
579
- }
0 commit comments