The combination of
certificate serial number and certificate issuer is guaranteed to
uniquely identify a certificate (but not its owner — the owner
ought to regularly change their keys, and get new certificates from the
issuer).
</para>
<para>
So, if you run your own CA and allow only certificates from this CA to
be accepted by the server, the serial number is the most reliable (albeit
not very mnemonic) means to identify a user.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<function>ssl_client_dn() returns text</function>
<indexterm>
<primary>ssl_client_dn</primary>
</indexterm>
</term>
<listitem>
<para>
Returns the full subject of the current client certificate, converting
character data into the current database encoding. It is assumed that
if you use non-ASCII characters in the certificate names, your
database is able to represent these characters, too. If your database
uses the SQL_ASCII encoding, non-ASCII characters in the name will be
represented as UTF-8 sequences.
</para>
<para>
The result looks like <literal>/CN=Somebody /C=Some country/O=Some organization</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<function>ssl_issuer_dn() returns text</function>
<indexterm>
<primary>ssl_issuer_dn</primary>
</indexterm>
</term>
<listitem>
<para>
Returns the full issuer name of the current client certificate, converting
character data into the current database encoding. Encoding conversions
are handled the same as for <function>ssl_client_dn</function>.
</para>
<para>
The combination of the return value of this function with the
certificate serial number uniquely identifies the certificate.
</para>
<para>
This function is really useful only if you have more than one trusted CA
certificate in your server's certificate authority file, or if this CA
has issued some intermediate certificate authority certificates.
</para>
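<para>
The following is an added example, not part of the original documentation: it maps the (issuer, serial number) pair described above to an application user. The table <literal>app_client_cert</literal>, its columns, the function <literal>app_current_cert_user()</literal> and the sample row are hypothetical; it assumes the server is configured to verify client certificates.
</para>

```sql
-- Added example; table, column and function names are hypothetical.
CREATE EXTENSION IF NOT EXISTS sslinfo;

-- One row per issued certificate. The key is (issuer, serial), not the
-- subject name, so a renewed certificate for the same person is a new row
-- and an old certificate can be disabled without touching the new one.
CREATE TABLE app_client_cert (
    issuer_dn  text     NOT NULL,   -- value returned by ssl_issuer_dn()
    serial     numeric  NOT NULL,   -- value returned by ssl_client_serial()
    app_user   text     NOT NULL,
    revoked    boolean  NOT NULL DEFAULT false,
    PRIMARY KEY (issuer_dn, serial)
);

-- Constructed sample row: issuer name, serial and user are made up.
INSERT INTO app_client_cert (issuer_dn, serial, app_user)
VALUES ('/CN=Example Internal CA/O=Example Org', 4097, 'alice');

-- Resolve the application user for the current session.
-- Returns NULL when the connection does not use SSL, when no client
-- certificate was presented, when the certificate is not enrolled,
-- or when it has been marked revoked.
CREATE FUNCTION app_current_cert_user() RETURNS text
LANGUAGE sql
AS $$
    SELECT c.app_user
    FROM app_client_cert AS c
    WHERE ssl_is_used()
      AND ssl_client_cert_present()
      AND c.issuer_dn = ssl_issuer_dn()
      AND c.serial    = ssl_client_serial()
      AND NOT c.revoked
$$;

-- Show what the current session presents next to the resolved user.
SELECT ssl_issuer_dn()         AS issuer,
       ssl_client_serial()     AS serial,
       ssl_client_dn()         AS subject,
       app_current_cert_user() AS app_user;
```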
</listitem>
</varlistentry>
<varlistentry>
<term>
<function>ssl_client_dn_field(fieldname text) returns text</function>
<indexterm>
<primary>ssl_client_dn_field</primary>
</indexterm>