


postgresql

3rd chunk of `doc/src/sgml/sslinfo.sgml`
 returns text</function>
     <indexterm>
      <primary>ssl_issuer_dn</primary>
     </indexterm>
    </term>
    <listitem>
    <para>
     Returns the full issuer name of the current client certificate, converting
     character data into the current database encoding.  Encoding conversions
     are handled the same as for <function>ssl_client_dn</function>.
    </para>
    <para>
     The combination of the return value of this function with the
     certificate serial number uniquely identifies the certificate.
    </para>
    <para>
     This function is really useful only if you have more than one trusted CA
     certificate in your server's certificate authority file, or if this CA
     has issued some intermediate certificate authority certificates.
    </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>
     <function>ssl_client_dn_field(fieldname text) returns text</function>
     <indexterm>
      <primary>ssl_client_dn_field</primary>
     </indexterm>
    </term>
    <listitem>
    <para>
     This function returns the value of the specified field in the
     certificate subject, or NULL if the field is not present.
     Field names are string constants that are converted into ASN.1 object
     identifiers using the <productname>OpenSSL</productname> object
     database.  The following values are acceptable:
    </para>
<literallayout class="monospaced">
commonName (alias CN)
surname (alias SN)
name
givenName (alias GN)
countryName (alias C)
localityName (alias L)
stateOrProvinceName (alias ST)
organizationName (alias O)
organizationalUnitName (alias OU)
title
description
initials
postalCode
streetAddress
generationQualifier
dnQualifier
x500UniqueIdentifier
pseudonym
role
emailAddress
</literallayout>
    <para>
     All of these fields are optional, except <structfield>commonName</structfield>.
     It depends entirely on your CA's policy which of them would be included
     and which wouldn't.  The meaning of these fields, however, is strictly
     defined by the X.500 and X.509 standards, so you cannot just assign
     arbitrary meaning to them.
    </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>
     <function>ssl_issuer_field(fieldname text) returns text</function>
     <indexterm>
      <primary>ssl_issuer_field</primary>
     </indexterm>
    </term>
    <listitem>
    <para>
     Same as <function>ssl_client_dn_field</function>, but for the certificate issuer
     rather than the certificate subject.
    </para>
    </listitem>
   </varlistentry>

   <varlistentry>
    <term>
     <function>ssl_extension_info() returns setof record</function>
     <indexterm>
      <primary>ssl_extension_info</primary>
     </indexterm>
    </term>
    <listitem>
    <para>
     Provides information about the extensions of the client certificate:
     extension name, extension value, and whether it is a critical extension.
    </para>
    </listitem>
   </varlistentry>
  </variablelist>
 </sect2>

 <sect2 id="sslinfo-author">
  <title>Author</title>

  <para>
   Victor Wagner <email>vitus@cryptocom.ru</email>, Cryptocom LTD
  </para>

  <para>
   Dmitry Voronin <email>carriingfate92@yandex.ru</email>
  </para>

  <para>
   E-Mail of Cryptocom OpenSSL development group:
   <email>openssl@cryptocom.ru</email>
  </para>
 </sect2>

</sect1>
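
The functions above combined into a per-certificate authorization check and an audit query, as an added example that is not part of the PostgreSQL documentation or the sslinfo module's own code. The table `cert_allowlist` and the function `current_cert_role()` are hypothetical names; `ssl_client_cert_present()` and `ssl_client_serial()` are sslinfo functions documented earlier in this file, outside this chunk, and the example assumes `CREATE EXTENSION sslinfo` has been run and the session uses SSL with a client certificate.

```sql
-- Hypothetical allowlist (an assumption, not provided by sslinfo).
-- A certificate is keyed by (issuer DN, serial number), the pair the
-- documentation says uniquely identifies it. Keying on the subject CN alone
-- would let any trusted CA, or any intermediate it has issued, mint a
-- matching certificate.
CREATE TABLE IF NOT EXISTS cert_allowlist (
    issuer_dn text    NOT NULL,
    serial    numeric NOT NULL,
    app_role  text    NOT NULL,
    PRIMARY KEY (issuer_dn, serial)
);

-- Hypothetical helper: the application role bound to this session's
-- certificate, or NULL when no certificate was presented or it is not listed.
CREATE OR REPLACE FUNCTION current_cert_role() RETURNS text
LANGUAGE sql AS $$
    SELECT a.app_role
    FROM cert_allowlist a
    WHERE ssl_client_cert_present()
      AND a.issuer_dn = ssl_issuer_dn()
      AND a.serial    = ssl_client_serial();
$$;

-- Audit row describing what the presented certificate asserts.
-- Only commonName is guaranteed to be present; other fields may be NULL
-- depending on the CA's policy.
SELECT ssl_client_dn_field('commonName')       AS subject_cn,
       ssl_client_dn_field('organizationName') AS subject_o,
       ssl_client_dn_field('emailAddress')     AS subject_email,
       ssl_issuer_field('commonName')          AS issuer_cn,
       ssl_issuer_dn()                         AS issuer_dn,
       ssl_client_serial()                     AS serial,
       current_cert_role()                     AS app_role;

-- Extensions the certificate marks as critical, for review against
-- what the application expects the CA to issue.
SELECT name, value
FROM ssl_extension_info()
WHERE critical;
```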

Title: SSL Info Module Functions
Summary
The sslinfo module provides functions to retrieve detailed information about client certificates, including issuer and subject fields, extension information, and specific field values, which can be used to identify and verify certificates according to X.500 and X.509 standards.