index 0649b6b81cd926f0e8158f55eca7616cb48ba93a..c2565dfc709412aba5d4ae870e693bc9e0797b35 100644 (file)
keepalives_interval 'value',
tcp_user_timeout 'value',
-- requiressl 'value',
- sslcompression 'value',
sslmode 'value',
sslcert 'value',
sslkey 'value',
END;
$d$;
ERROR: invalid option "password"
-HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, sslcrldir, requirepeer, ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size, batch_size
+HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcert, sslkey, sslrootcert, sslcrl, sslcrldir, requirepeer, ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size, batch_size
CONTEXT: SQL statement "ALTER SERVER loopback_nopw OPTIONS (ADD password 'dummypw')"
PL/pgSQL function inline_code_block line 3 at EXECUTE
-- If we add a password for our user mapping instead, we should get a different
index 2b525ea44a88bc5dc432d73a96ce7110a30da1b3..a143a7040647014bae1ce01442dbcdbeff7646e5 100644 (file)
keepalives_interval 'value',
tcp_user_timeout 'value',
-- requiressl 'value',
- sslcompression 'value',
sslmode 'value',
sslcert 'value',
sslkey 'value',
index 0553279314283d5cfaf83a6eb18d762a3a9a629c..6d2e86a1f5933b7581e853005d40f9a8e1b512ac 100644 (file)
<term><literal>sslcompression</literal></term>
<listitem>
<para>
- If set to 1, data sent over SSL connections will be compressed. If
- set to 0, compression will be disabled. The default is 0. This
- parameter is ignored if a connection without SSL is made.
- </para>
-
- <para>
- SSL compression is nowadays considered insecure and its use is no
- longer recommended. <productname>OpenSSL</productname> 1.1.0 disables
- compression by default, and many operating system distributions
- disable it in prior versions as well, so setting this parameter to on
- will not have any effect if the server does not accept compression.
- </para>
-
- <para>
- If security is not a primary concern, compression can improve
- throughput if the network is the bottleneck. Disabling compression
- can improve response time and throughput if CPU performance is the
- limiting factor.
+ Ignored (formerly, this specified whether to attempt SSL compression).
</para>
</listitem>
</varlistentry>
@@ -2545,9 +2528,7 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name);
<term><literal>compression</literal></term>
<listitem>
<para>
- If SSL compression is in use, returns the name of the compression
- algorithm, or "on" if compression is used but the algorithm is
- not known. If compression is not in use, returns "off".
+ SSL compression is no longer supported, always returns "off".
</para>
</listitem>
</varlistentry>
@@ -7182,16 +7163,6 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
</para>
</listitem>
- <listitem>
- <para>
- <indexterm>
- <primary><envar>PGSSLCOMPRESSION</envar></primary>
- </indexterm>
- <envar>PGSSLCOMPRESSION</envar> behaves the same as the <xref
- linkend="libpq-connect-sslcompression"/> connection parameter.
- </para>
- </listitem>
-
<listitem>
<para>
<indexterm>
index 3513e127b78bce2670b21b6cc914403350c141c1..53692c0020b380df6069e9e7097ddeb2fcb79425 100644 (file)
@@ -3065,16 +3065,6 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
</para></entry>
</row>
- <row>
- <entry role="catalog_table_entry"><para role="column_definition">
- <structfield>compression</structfield> <type>boolean</type>
- </para>
- <para>
- True if SSL compression is in use, false if not,
- or NULL if SSL is not in use on this connection
- </para></entry>
- </row>
-
<row>
<entry role="catalog_table_entry"><para role="column_definition">
<structfield>client_dn</structfield> <type>text</type>
index fc94a73a54a85b0a4996f634b95c30f547b33f78..fb1116d09ad25f2cb5820524a761660494c34eb5 100644 (file)
S.sslversion AS version,
S.sslcipher AS cipher,
S.sslbits AS bits,
- S.sslcompression AS compression,
S.ssl_client_dn AS client_dn,
S.ssl_client_serial AS client_serial,
S.ssl_issuer_dn AS issuer_dn
index 4c4f025eb1a76dc428d15fec9f47be380df2cf7f..8c37381add39ff1b2b59dc3268aecd231de7155f 100644 (file)
/* disallow SSL session caching, too */
SSL_CTX_set_session_cache_mode(context, SSL_SESS_CACHE_OFF);
+ /* disallow SSL compression */
+ SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
+
/* set up ephemeral DH and ECDH keys */
if (!initialize_dh(context, isServerStart))
goto error;
return 0;
}
-bool
-be_tls_get_compression(Port *port)
-{
- if (port->ssl)
- return (SSL_get_current_compression(port->ssl) != NULL);
- else
- return false;
-}
-
const char *
be_tls_get_version(Port *port)
{
index f75b52719dddd79e56fe1b227cd08e793faf740c..9259dc9d3e19a983236020f32ff681ddef05af11 100644 (file)
{
lbeentry.st_ssl = true;
lsslstatus.ssl_bits = be_tls_get_cipher_bits(MyProcPort);
- lsslstatus.ssl_compression = be_tls_get_compression(MyProcPort);
strlcpy(lsslstatus.ssl_version, be_tls_get_version(MyProcPort), NAMEDATALEN);
strlcpy(lsslstatus.ssl_cipher, be_tls_get_cipher(MyProcPort), NAMEDATALEN);
be_tls_get_peer_subject_name(MyProcPort, lsslstatus.ssl_client_dn, NAMEDATALEN);
index 62bff52638d114bdbda2490946e110c3bd8e2dc7..318ce154fd2ee4ad59d6cbc5bce7f12b58349120 100644 (file)
@@ -569,7 +569,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
Datum
pg_stat_get_activity(PG_FUNCTION_ARGS)
{
-#define PG_STAT_GET_ACTIVITY_COLS 30
+#define PG_STAT_GET_ACTIVITY_COLS 29
int num_backends = pgstat_fetch_stat_numbackends();
int curr_backend;
int pid = PG_ARGISNULL(0) ? -1 : PG_GETARG_INT32(0);
pfree(clipped_activity);
/* leader_pid */
- nulls[29] = true;
+ nulls[28] = true;
proc = BackendPidGetProc(beentry->st_procpid);
*/
if (leader && leader->pid != beentry->st_procpid)
{
- values[29] = Int32GetDatum(leader->pid);
- nulls[29] = false;
+ values[28] = Int32GetDatum(leader->pid);
+ nulls[28] = false;
}
}
values[19] = CStringGetTextDatum(beentry->st_sslstatus->ssl_version);
values[20] = CStringGetTextDatum(beentry->st_sslstatus->ssl_cipher);
values[21] = Int32GetDatum(beentry->st_sslstatus->ssl_bits);
- values[22] = BoolGetDatum(beentry->st_sslstatus->ssl_compression);
if (beentry->st_sslstatus->ssl_client_dn[0])
- values[23] = CStringGetTextDatum(beentry->st_sslstatus->ssl_client_dn);
+ values[22] = CStringGetTextDatum(beentry->st_sslstatus->ssl_client_dn);
else
- nulls[23] = true;
+ nulls[22] = true;
if (beentry->st_sslstatus->ssl_client_serial[0])
- values[24] = DirectFunctionCall3(numeric_in,
+ values[23] = DirectFunctionCall3(numeric_in,
CStringGetDatum(beentry->st_sslstatus->ssl_client_serial),
ObjectIdGetDatum(InvalidOid),
Int32GetDatum(-1));
else
- nulls[24] = true;
+ nulls[23] = true;
if (beentry->st_sslstatus->ssl_issuer_dn[0])
- values[25] = CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);
+ values[24] = CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);
else
- nulls[25] = true;
+ nulls[24] = true;
}
else
{
values[18] = BoolGetDatum(false); /* ssl */
- nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = nulls[25] = true;
+ nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = true;
}
/* GSSAPI information */
if (beentry->st_gss)
{
- values[26] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
- values[27] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
- values[28] = BoolGetDatum(beentry->st_gssstatus->gss_enc); /* GSS Encryption in use */
+ values[25] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
+ values[26] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
+ values[27] = BoolGetDatum(beentry->st_gssstatus->gss_enc); /* GSS Encryption in use */
}
else
{
- values[26] = BoolGetDatum(false); /* gss_auth */
- nulls[27] = true; /* No GSS principal */
- values[28] = BoolGetDatum(false); /* GSS Encryption not in
+ values[25] = BoolGetDatum(false); /* gss_auth */
+ nulls[26] = true; /* No GSS principal */
+ values[27] = BoolGetDatum(false); /* GSS Encryption not in
* use */
}
}
nulls[26] = true;
nulls[27] = true;
nulls[28] = true;
- nulls[29] = true;
}
tuplestore_putvalues(tupstore, tupdesc, values, nulls);
index e5965bc517dd93a2110b5deec8d2f44d3e56b5dd..7abeccb536285ed3ce64605e3c308342d9a0bcbc 100644 (file)
#ifdef USE_SSL
if (port->ssl_in_use)
- appendStringInfo(&logmsg, _(" SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)"),
+ appendStringInfo(&logmsg, _(" SSL enabled (protocol=%s, cipher=%s, bits=%d)"),
be_tls_get_version(port),
be_tls_get_cipher(port),
- be_tls_get_cipher_bits(port),
- be_tls_get_compression(port) ? _("on") : _("off"));
+ be_tls_get_cipher_bits(port));
#endif
#ifdef ENABLE_GSS
if (port->gss)
index c98e3d31d0c711d0bf5d05bf8f61031a172e9e67..8d6970a4f341eec0120dc7d72ddc42938b3fc61f 100644 (file)
const char *protocol;
const char *cipher;
const char *bits;
- const char *compression;
if (!PQsslInUse(pset.db))
return; /* no SSL */
protocol = PQsslAttribute(pset.db, "protocol");
cipher = PQsslAttribute(pset.db, "cipher");
bits = PQsslAttribute(pset.db, "key_bits");
- compression = PQsslAttribute(pset.db, "compression");
- printf(_("SSL connection (protocol: %s, cipher: %s, bits: %s, compression: %s)\n"),
+ printf(_("SSL connection (protocol: %s, cipher: %s, bits: %s)\n"),
protocol ? protocol : _("unknown"),
cipher ? cipher : _("unknown"),
- bits ? bits : _("unknown"),
- (compression && strcmp(compression, "off") != 0) ? _("on") : _("off"));
+ bits ? bits : _("unknown"));
}
/*
index e28bbf1317d047d1f7e4bf0070beaa42689c98d2..81fd68348d54d8b96ccb678730da876c2e43824f 100644 (file)
*/
/* yyyymmddN */
-#define CATALOG_VERSION_NO 202103081
+#define CATALOG_VERSION_NO 202103091
#endif
index a0fe0851c4178bd40924b2568dbde5a8e5ac86cb..2ccc3e7c7c7d026f5bd3a8589984cc849fa3e912 100644 (file)
proname => 'pg_stat_get_activity', prorows => '100', proisstrict => 'f',
proretset => 't', provolatile => 's', proparallel => 'r',
prorettype => 'record', proargtypes => 'int4',
- proallargtypes => '{int4,oid,int4,oid,text,text,text,text,text,timestamptz,timestamptz,timestamptz,timestamptz,inet,text,int4,xid,xid,text,bool,text,text,int4,bool,text,numeric,text,bool,text,bool,int4}',
- proargmodes => '{i,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o}',
- proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,sslcompression,ssl_client_dn,ssl_client_serial,ssl_issuer_dn,gss_auth,gss_princ,gss_enc,leader_pid}',
+ proallargtypes => '{int4,oid,int4,oid,text,text,text,text,text,timestamptz,timestamptz,timestamptz,timestamptz,inet,text,int4,xid,xid,text,bool,text,text,int4,text,numeric,text,bool,text,bool,int4}',
+ proargmodes => '{i,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o}',
+ proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,ssl_client_dn,ssl_client_serial,ssl_issuer_dn,gss_auth,gss_princ,gss_enc,leader_pid}',
prosrc => 'pg_stat_get_activity' },
{ oid => '3318',
descr => 'statistics: information about progress of backends running maintenance command',
index 7be1a67d692f895a9e9900303cc5158ec986ef62..30fb4e613dae874069f16117edc97116fa6f1b14 100644 (file)
@@ -266,7 +266,6 @@ extern ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor);
* Return information about the SSL connection.
*/
extern int be_tls_get_cipher_bits(Port *port);
-extern bool be_tls_get_compression(Port *port);
extern const char *be_tls_get_version(Port *port);
extern const char *be_tls_get_cipher(Port *port);
extern void be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len);
index 724068cf87e79f562680177734b70cdbb7c2a767..e0c70d221be83da600645eef13bbf0e84af326fc 100644 (file)
{
/* Information about SSL connection */
int ssl_bits;
- bool ssl_compression;
char ssl_version[NAMEDATALEN];
char ssl_cipher[NAMEDATALEN];
char ssl_client_dn[NAMEDATALEN];
index f83af03d0a7930da266cc1f49195f5e4176c877f..fed06bb038ccfde06764b7baae48915b8c5cc1d3 100644 (file)
@@ -293,9 +293,12 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
"SSL-Mode", "", 12, /* sizeof("verify-full") == 12 */
offsetof(struct pg_conn, sslmode)},
- {"sslcompression", "PGSSLCOMPRESSION", "0", NULL,
- "SSL-Compression", "", 1,
- offsetof(struct pg_conn, sslcompression)},
+ /*
+ * "sslcompression" is no longer used, but keep it present for backwards
+ * compatibility.
+ */
+ {"sslcompression", NULL, NULL, NULL,
+ "SSL-Compression", "D", 1, -1},
{"sslcert", "PGSSLCERT", NULL, NULL,
"SSL-Client-Cert", "", 64,
free(conn->sslcrl);
if (conn->sslcrldir)
free(conn->sslcrldir);
- if (conn->sslcompression)
- free(conn->sslcompression);
if (conn->requirepeer)
free(conn->requirepeer);
if (conn->ssl_min_protocol_version)
index 0fa10a23b4a5d652913c51ec3fed32c34a988e1e..c88dd3a118321686c61074490fa25a69417bd89c 100644 (file)
if (have_rootcert)
SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, verify_cb);
- /*
- * Set compression option if necessary.
- */
- if (conn->sslcompression && conn->sslcompression[0] == '0')
- SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
- else
- SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION);
+ /* disable SSL compression */
+ SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION);
return 0;
}
@@ -1553,8 +1548,12 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
if (strcmp(attribute_name, "cipher") == 0)
return SSL_get_cipher(conn->ssl);
+ /*
+ * SSL compression is disabled, so even if connecting to an older server
+ * which still supports it, it will not be active.
+ */
if (strcmp(attribute_name, "compression") == 0)
- return SSL_get_current_compression(conn->ssl) ? "on" : "off";
+ return "off";
if (strcmp(attribute_name, "protocol") == 0)
return SSL_get_version(conn->ssl);
index 8d51e6ed9ff18f5db9f258f04acfdd66142e7cae..cca98c14bf88a4c165dc31d3c222413e1a19373c 100644 (file)
char *keepalives_count; /* maximum number of TCP keepalive
* retransmits */
char *sslmode; /* SSL mode (require,prefer,allow,disable) */
- char *sslcompression; /* SSL compression (0 or 1) */
char *sslkey; /* client key filename */
char *sslcert; /* client certificate filename */
char *sslpassword; /* client key file password */
index b1c9b7bdfe397c6910916aaa5f70b40fe38623ba..dd5cc9c2213a1b68b2b7865dd42343b37864a0cb 100644 (file)
s.backend_xmin,
s.query,
s.backend_type
- FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
+ FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
LEFT JOIN pg_database d ON ((s.datid = d.oid)))
LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));
pg_stat_all_indexes| SELECT c.oid AS relid,
s.gss_auth AS gss_authenticated,
s.gss_princ AS principal,
s.gss_enc AS encrypted
- FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
+ FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
WHERE (s.client_port IS NOT NULL);
pg_stat_progress_analyze| SELECT s.pid,
s.datid,
w.sync_priority,
w.sync_state,
w.reply_time
- FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
+ FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
JOIN pg_stat_get_wal_senders() w(pid, state, sent_lsn, write_lsn, flush_lsn, replay_lsn, write_lag, flush_lag, replay_lag, sync_priority, sync_state, reply_time) ON ((s.pid = w.pid)))
LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));
pg_stat_replication_slots| SELECT s.slot_name,
s.sslversion AS version,
s.sslcipher AS cipher,
s.sslbits AS bits,
- s.sslcompression AS compression,
s.ssl_client_dn AS client_dn,
s.ssl_client_serial AS client_serial,
s.ssl_issuer_dn AS issuer_dn
- FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, sslcompression, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
+ FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, leader_pid)
WHERE (s.client_port IS NOT NULL);
pg_stat_subscription| SELECT su.oid AS subid,
su.subname,
index 864f6e209f5d8d408eb1ef2b2c060214d044911e..ee97f6f069725ac79072757f5e9344c409376a76 100644 (file)
@@ -17,7 +17,7 @@ if ($ENV{with_ssl} ne 'openssl')
}
else
{
- plan tests => 100;
+ plan tests => 101;
}
#### Some configuration
qr/root certificate file "invalid" does not exist/,
"connect without server root cert sslmode=verify-full");
+# Test deprecated SSL parameters, still accepted for backwards
+# compatibility.
+test_connect_ok(
+ $common_connstr,
+ "sslrootcert=invalid sslmode=require sslcompression=1 requiressl=1",
+ "connect with deprecated connection parameters");
+
# Try with wrong root cert, should fail. (We're using the client CA as the
# root, but the server's key is signed by the server CA.)
test_connect_fails($common_connstr,
"$common_connstr sslrootcert=invalid", '-c',
"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"
],
- qr{^pid,ssl,version,cipher,bits,compression,client_dn,client_serial,issuer_dn\r?\n
- ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,_null_,_null_,_null_\r?$}mx,
+ qr{^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn\r?\n
+ ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,_null_,_null_,_null_\r?$}mx,
'pg_stat_ssl view without client certificate');
# Test min/max SSL protocol versions.
'-c',
"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"
],
- qr{^pid,ssl,version,cipher,bits,compression,client_dn,client_serial,issuer_dn\r?\n
- ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,f,/CN=ssltestuser,1,\Q/CN=Test CA for PostgreSQL SSL regression test client certs\E\r?$}mx,
+ qr{^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn\r?\n
+ ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,/CN=ssltestuser,1,\Q/CN=Test CA for PostgreSQL SSL regression test client certs\E\r?$}mx,
'pg_stat_ssl with client certificate');
# client key with wrong permissions