Add test cases for contrib/sslinfo and enable it (#8105)

Add certificates & keys and test cases for contrib/sslinfo

Use `echo` + `sed` to add/remove options in postgresql.conf of
master node and standby node. This method could completely restore
the SSL related options in postgresql.conf. The imperfect point is
this way may overwrite the existing certificates and keys under data directory.

We use newly created certificates and keys, instead of certificates in src/test/ssl/ssl. Because there some fields in those certificates are missing in the test.
`sslinfo` will only be compiled and packaged when `--with-openssl` option is enabled in configuration, otherwise `sslinfo` is omitted.

GNUmakefile.in

@@ -26,6 +26,9 @@ all:
 	$(MAKE) -C contrib/pg_xlogdump all
 	$(MAKE) -C contrib/hstore all
 	$(MAKE) -C contrib/pgcrypto all
+ifeq ($(with_openssl), yes)
+	$(MAKE) -C contrib/sslinfo all
+endif
 	$(MAKE) -C gpAux/extensions all
 	$(MAKE) -C gpAux/gpperfmon all
 	$(MAKE) -C gpAux/platform all
@@ -61,6 +64,9 @@ install:
 	$(MAKE) -C contrib/pg_xlogdump $@
 	$(MAKE) -C contrib/hstore $@
 	$(MAKE) -C contrib/pgcrypto $@
+ifeq ($(with_openssl), yes)
+	$(MAKE) -C contrib/sslinfo $@
+endif
 	$(MAKE) -C gpMgmt $@
 	$(MAKE) -C gpAux/extensions $@
 	$(MAKE) -C gpAux/gpperfmon $@
@@ -138,23 +144,18 @@ $(call recurse,check-world,src/test src/pl src/interfaces/ecpg contrib src/bin g
 # which probably indicates that we're relying on undefined behavior... we should
 # probably pull anything order-dependent out of recurse() and back into the
 # recipe body).
-# GPDB_94_MERGE_FIXME: We should stop listing each contrib module here separately.
-$(call recurse,installcheck-world, \
-			   src/test/ \
-			   src/pl \
-			   src/interfaces/gppc \
-			   contrib/auto_explain \
-			   contrib/citext \
-			   contrib/file_fdw \
-			   contrib/formatter_fixedwidth \
-			   contrib/extprotocol \
-			   contrib/dblink \
-			   contrib/indexscan \
-			   contrib/hstore \
-			   contrib/pgcrypto \
-			   gpcontrib \
-			   src/bin/ \
-			   gpMgmt/bin,installcheck)
+ICW_TARGETS  = src/test src/pl src/interfaces/gppc
+ICW_TARGETS += contrib/auto_explain contrib/citext
+ICW_TARGETS += contrib/file_fdw contrib/formatter_fixedwidth
+ICW_TARGETS += contrib/extprotocol contrib/dblink
+ICW_TARGETS += contrib/indexscan contrib/hstore contrib/pgcrypto
+# sslinfo depends on openssl
+ifeq ($(with_openssl), yes)
+ICW_TARGETS += contrib/sslinfo
+endif
+ICW_TARGETS += gpcontrib src/bin gpMgmt/bin
+
+$(call recurse,installcheck-world, $(ICW_TARGETS),installcheck)
 
 # GPDB: Postgres disables the SSL tests during ICW because of the TCP port that
 # it opens to other users on the same machine during testing. GPDB makes no such

contrib/sslinfo/Makefile

@@ -6,6 +6,8 @@ OBJS = sslinfo.o
 EXTENSION = sslinfo
 DATA = sslinfo--1.0.sql sslinfo--unpackaged--1.0.sql
 
+REGRESS = sslinfo
+
 ifdef USE_PGXS
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)

contrib/sslinfo/config.bash

+# This bash script is internally used by sslinfo test
+function sslinfo_prepare() {
+echo "Enable SSL in postgresql.conf with master only..."
+standby_data=`gpstate -f | sed -n '/Standby data directory/s/.*Standby data directory\s\+=\s*//p'`
+
+echo "#BEGIN SSLINFO CONF : BEGIN ANCHOR##" >> $MASTER_DATA_DIRECTORY/postgresql.conf
+echo "ssl=on" >> $MASTER_DATA_DIRECTORY/postgresql.conf
+echo "ssl_ciphers='HIGH:MEDIUM:+3DES:!aNULL'" >> $MASTER_DATA_DIRECTORY/postgresql.conf
+echo "ssl_cert_file='server.crt'" >> $MASTER_DATA_DIRECTORY/postgresql.conf
+echo "ssl_key_file='server.key'" >> $MASTER_DATA_DIRECTORY/postgresql.conf
+echo "ssl_ca_file='root.crt'" >> $MASTER_DATA_DIRECTORY/postgresql.conf
+echo "#END SSLINFO CONF : END ANCHOR##" >> $MASTER_DATA_DIRECTORY/postgresql.conf
+
+echo "#BEGIN SSLINFO CONF : BEGIN ANCHOR##" >> $standby_data/postgresql.conf
+echo "ssl=on" >> $standby_data/postgresql.conf
+echo "ssl_ciphers='HIGH:MEDIUM:+3DES:!aNULL'" >> $standby_data/postgresql.conf
+echo "ssl_cert_file='server.crt'" >> $standby_data/postgresql.conf
+echo "ssl_key_file='server.key'" >> $standby_data/postgresql.conf
+echo "ssl_ca_file='root.crt'" >> $standby_data/postgresql.conf
+echo "#END SSLINFO CONF : END ANCHOR##" >> $standby_data/postgresql.conf
+
+echo "preparing CRTs and KEYs"
+cp -f data/root.crt   $MASTER_DATA_DIRECTORY/
+cp -f data/server.crt $MASTER_DATA_DIRECTORY/
+cp -f data/server.key $MASTER_DATA_DIRECTORY/
+chmod 400 $MASTER_DATA_DIRECTORY/server.key
+chmod 644 $MASTER_DATA_DIRECTORY/server.crt
+chmod 644 $MASTER_DATA_DIRECTORY/root.crt
+
+cp -f data/root.crt   $standby_data/
+cp -f data/server.crt $standby_data/
+cp -f data/server.key $standby_data/
+chmod 400 $standby_data/server.key
+chmod 644 $standby_data/server.crt
+chmod 644 $standby_data/root.crt
+
+mkdir -p ~/.postgresql
+cp -f data/root.crt         ~/.postgresql/
+cp -f data/postgresql.crt   ~/.postgresql/
+cp -f data/postgresql.key   ~/.postgresql/
+chmod 400 ~/.postgresql/postgresql.key
+chmod 644 ~/.postgresql/postgresql.crt
+chmod 644 ~/.postgresql/root.crt
+}
+
+function sslinfo_clean() {
+echo "restore SSL in postgresql.conf with master only"
+standby_data=`gpstate -f | sed -n '/Standby data directory/s/.*Standby data directory\s\+=\s*//p'`
+sed -i '/#BEGIN SSLINFO CONF : BEGIN ANCHOR##/,/#END SSLINFO CONF : END ANCHOR##/d' $MASTER_DATA_DIRECTORY/postgresql.conf
+sed -i '/#BEGIN SSLINFO CONF : BEGIN ANCHOR##/,/#END SSLINFO CONF : END ANCHOR##/d' $standby_data/postgresql.conf
+}
+
+case "$1" in
+prepare)
+    sslinfo_prepare
+    ;;
+clean)
+    sslinfo_clean
+    ;;
+*)
+    echo "$0 { prepare | clean }"
+    exit 1
+esac

contrib/sslinfo/data/postgresql.crt

+-----BEGIN CERTIFICATE-----
+MIIEyDCCArCgAwIBAgIJANI3fEfqiJWrMA0GCSqGSIb3DQEBCwUAMHYxGTAXBgNV
+BAMMEHJvb3QuZXhhbXBsZS5jb20xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlq
+aW5nMRUwEwYDVQQHDAxSb290TG9jYWxpdHkxFDASBgNVBAoMC1NTTElORk8tZGV2
+MQ0wCwYDVQQLDARUZXN0MB4XDTE5MDMyNTAyMzk1MFoXDTI5MDMyMjAyMzk1MFow
+fzEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUuY29tMQswCQYDVQQGEwJDTjEQMA4G
+A1UECAwHUWluZ2RhbzEXMBUGA1UEBwwOQ2xpZW50TG9jYWxpdHkxFzAVBgNVBAoM
+DlNTTElORk8tQ2xpZW50MQ8wDQYDVQQLDAZDbGllbnQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC/yRHtprgZEOSzfyzie6wWnCoc0RkhzIeHR0+i0p1A
+vZamxGMb2NwlphoZV3/eXYjb1ocVCqnfiUkPjFQClVOmhyRV3qs9qvRq3kx2wHSP
+1EfCwX+P7u0F0cOEbTjkfzaUmDr/f6jHl/GwOogQF2ws8tITLdVWjudQfoY7tXsC
+kRc5NqARFY0R6xV6AoQU8OqTXHUkZoAE9CZu93f5DQ6t+on9dYP3tT/kOZLcngnV
+hqCvKrNJQyryjqT0pQqlMEhA7f8CvztBVtP+t3lKOLCe8+6ZTZmn8iKgqab7tMNE
+SAZr985ftamNVDJ9m0vJkRCc6dTVxDt6u4titanL/p35AgMBAAGjUDBOMB0GA1Ud
+DgQWBBQGLZpXzMeD/NF/B2jWCXrocq/3XDAfBgNVHSMEGDAWgBQrI82U2eYK0vis
+P3JF3fah+Ee5gjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCULD4Z
+5MBu6axs0aly0mITsN/wYm5yUd09oqsetKNUmn7Ki9Ut0uVlb5fRUVm+EfOtVgQV
+UJ3Xv78b3DD12b6AkcF9Kaw09uPo74Bv4hpXhWK/3i55Jdx4RvgQq/kjEXLnZqmK
+8vU97TgnnkAIBHlA3VMO35wPVlVXwARnrBuJuk2afWfCxlm0L7CqtrsEHphhUD1M
+OJ3heLikKs5LwLaRmxtznYWeEU47f8YgIrc9MmHiWDqgjBS/he4zVz04nnxiK4qR
+L35gMTacE/jRczB1TQeJX0IVIwWIN2yCZhvxQuWDa4fq/NfCORRwm3SBzEbmvV5/
+U+s/6KTEXkBaBexFXu4X2tCfyByhRy0/6U0CbLbAPYgZQfKKTtFdVDWo14slHrxx
+730WByfHePeZgTCKpobRSSvRxD6ihQICrLerMzUClR8762uIg2OLbpHiF6k4D/gX
+EOP1UwxD6IDX8jlJRICHO9HxpuXxr7v+CMihxUvQ/cPLyPiPZ8bDWJcDkUSkDo9Q
+lXyDS9cjrhr3fVoYnUV92F4/LKyxof7lnCy+rXrR2IZM75d6Co6MmcEkXBrEnLW1
+XTyewRByxwuWJ69vM9GDhTR2Gsi7RZbXfkLUnbaqIhwOeRDnT1ubaNHF09dytbXM
+DU5ToLhzZZcrrCD1TZGZ0zecLyVfIZ2YGcCmMg==
+-----END CERTIFICATE-----

contrib/sslinfo/data/postgresql.key

+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/yRHtprgZEOSz
+fyzie6wWnCoc0RkhzIeHR0+i0p1AvZamxGMb2NwlphoZV3/eXYjb1ocVCqnfiUkP
+jFQClVOmhyRV3qs9qvRq3kx2wHSP1EfCwX+P7u0F0cOEbTjkfzaUmDr/f6jHl/Gw
+OogQF2ws8tITLdVWjudQfoY7tXsCkRc5NqARFY0R6xV6AoQU8OqTXHUkZoAE9CZu
+93f5DQ6t+on9dYP3tT/kOZLcngnVhqCvKrNJQyryjqT0pQqlMEhA7f8CvztBVtP+
+t3lKOLCe8+6ZTZmn8iKgqab7tMNESAZr985ftamNVDJ9m0vJkRCc6dTVxDt6u4ti
+tanL/p35AgMBAAECggEBAJWd0A29bYuogTKC+UoqvwLYi4X1ngyfGe/wMvFMK3+R
+KBErzkGwOXZpkZzJhSi9gYI3ZySEMCgCWuv1RqjJQ/v7G96dmqu+TXV9vNs7ovN9
+4QnPmKt58pECpuwNpT+k+riL1iLyvYIQSG16DCG5lBuwxzBNJkyjqVNDkYbNOoyx
+tVwiXv6kVWbwtHye52xw6CyUQVBiKzV9YPiCDvS9Hinf16gzubuyQxr5p8/Ty4De
+etT3u1WJ1NvPolrpLYtdS4+wSolJ27zSpt5Bhu8H7sZGZ7Rs6pa90AchYxCSAKzj
+6FJzo6gGMOgwrH+qV/buTBgMTX74SI9dFsiSg6laujECgYEA/LccG+1tiDgZcN50
+zdKAvrUQ9rWfcyh0xe0mTR/hti1KXg0u0Zh/sMcUWSlFEICY9UAPJTSv0Ztgm2lY
+t9gN9Pz9fqVTJIlIstBJMC/iQ2sG2/7cX+INGgOSFZTesRVPG5PTEApXbtveP56W
+tOPodFTwJff+lz9eBeDlZYVppo0CgYEAwkc4kYDWaO1bMm2fAaKg8BSmdtBMlnG2
+Xjq7BgMGDEtIMNNIbK95QvWGbhfFz/6XI0XLwTT4j7Hgbkj4jT3uQurLCCkgLOWt
+pMJqMZtJgQ4bMtM4WsG7UgDpjSfmsYlF7lzO0MBchGV5eGUUcaM6RJ1LhFv88+b6
+DIgCyZ3RwB0CgYEAwpXDgQV6Fy8K98tyKKDzHOSSYURLuAHomBYYLb5krz+ESZLg
+/+XqPBWt51FNqn06SWy/vKgq0LxQ0Jl3BGfJp1+9WGy37iP+5CBYmk/kaoDYUUCW
+MwX9jJA/RXrRVYzQ0q0qEOnFlMibAmV8KWBrNlfIaZPgZlkWbnRSba8iQGkCgYAD
+7YayQmWTV4EpgtfdI5mXYQOAkXOK8x+Zxhwz4enEY91Ax3TGZcHQ3b/rB+YC74XE
+u8uDy3tfBFyiPi1wRZlElxSlxJcW8UnSc+/LsvUIe+2G2IhiJVqRLN2L8guS+VCF
+ojC4PbthHeAX1AtWxNMPwhJdybJSiA/0IufThbJQ7QKBgEsiIAtuYVVHNK5dhW5A
+5kihuBKRXjdOduLkL2FZab+PoNdJF6gw2LAq6s3RtLcl3u5kG+t/L7sHDuqflA/6
+CXT8Zwf5J4yfuFezZg+NKK/VI4x+nZJymioY/GOyoX7KgjICLHyyZ0gVGu0XSHkL
+OxqlBnUO8Jq7NxnJq6yVuEu9
+-----END PRIVATE KEY-----

contrib/sslinfo/data/root.crt

+-----BEGIN CERTIFICATE-----
+MIIFvzCCA6egAwIBAgIJAN1mnmY6kmCfMA0GCSqGSIb3DQEBCwUAMHYxGTAXBgNV
+BAMMEHJvb3QuZXhhbXBsZS5jb20xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlq
+aW5nMRUwEwYDVQQHDAxSb290TG9jYWxpdHkxFDASBgNVBAoMC1NTTElORk8tZGV2
+MQ0wCwYDVQQLDARUZXN0MB4XDTE5MDMyNTAyMzk1MFoXDTI5MDMyNzAyMzk1MFow
+djEZMBcGA1UEAwwQcm9vdC5leGFtcGxlLmNvbTELMAkGA1UEBhMCQ04xEDAOBgNV
+BAgMB0JlaWppbmcxFTATBgNVBAcMDFJvb3RMb2NhbGl0eTEUMBIGA1UECgwLU1NM
+SU5GTy1kZXYxDTALBgNVBAsMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDXWqhDEJH8qNxycPFM0ovhLWnktASG3dbklpaLCXOGKlTbbxjaJzbh
+3C+iBPOKqsPLZya3SgOnuOQr/WkM34gPBMtjqzBudQS1/+HD7r13/I9Nc4Sn7l3Y
+6KMVJ9JnyWmzp8bPSGV+3Jb4R/Cujkz+d8e9MhBL67x1yz+aQ3Z7gdiCKvDe6TS5
+hY4S4RvXuZ4FMw9nZSb2BH6UIkLs9aYnuiX0DCUasYEsOi1RhQI0m6OWjNU44zvQ
+yHou6hLUe/RfW2tzKSXByyiqTVYQnsC68awxs535n9etM6YJg13BV69+tQCIV4Z0
+RSbZfWdRYK6kHiAa2zYMl+LEP2ybE5LCbsGBOlUj6JgddFmrXFVGhK44GFVxDHlV
+78KImkbhN5Z/NEcY6exHoBnTgupJy5JgYIEhufgDGp2Mm59xLS9pjWYSZO+e5LXf
+sHUDQJQe+kyBTawbUP8KlCsIZNQfIQa5b3RjNRtOL4CtH4d1Mv9z/rNJ8NszsZBt
+BmY66HloKzYS2ljzecaiHLkSfNBSqidRtlFKYgAndVUgsvRs5K0Ok8nYDtzmMyXT
+K+GZ9EcozEI1QTM7oXYL/hcJqqgLeJYGMVxs02Ltf7UY/eaIlQAJ5cp9IvTFdA4V
+nQH9cnfgRThduxZCnaRbXIyz/4fWjd7xnn4J/jFzlfYUktKxNfDnwwIDAQABo1Aw
+TjAdBgNVHQ4EFgQUKyPNlNnmCtL4rD9yRd32ofhHuYIwHwYDVR0jBBgwFoAUKyPN
+lNnmCtL4rD9yRd32ofhHuYIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AgEAZ6LdR4cBVavj/uDMUqH1LWyyhTBUBkzrqbQXpUeBECdxJMU6jmsWRkEd5A+8
+Tv8Cez0y8Wio4RcBl/YFSR9pHdWsVqCOwXUShcba2sMX+12SAxXplnIV3vqWlm2g
+nV5auO3kkI2rPDMD2qxoRswKOeJi3l/aThY6AfYIEeXqaj+fSoWVxrkYphgCvFF5
+aFSQYLRvtfw0ixPC1gklNFEnGzsLgiSxybaVXpv470Yp9seR6OFLlCqu+cYY+Z2G
+JfMc3IwYN3MKPJ6r7hr0p7L9qiYawbZ21rnuVoY+9gRTFKK/GVEAzgLB9T1jI4lC
+M3867dP7VmpVJOgrsXV93+/uzwjji2ktpuohFls+P499cDrebtDeIwGVqlahrVE8
+ryFVRoxBiz/8rWBxkaezkzx7EyHiZG0x7EH28XBrFsQsBCqpn62PD0bAXn5vxWgU
+Q+O/KqwK0Nb+aWmYVv3qQ77Dd3+vwl2gJxozQgO/aD4BVDrE0aguejXoBTGpl+3c
+6p3JeUXC5nSQRAYJByHe2aLJ7oU2QNioOOVQwwhwi+Qdx6jxouUQFlSAVQQ6kh7p
+Kb7ZzdPmLGoeecQj2SncZ2mbV6iEoufYhIzynC/uTegjiDkRHnq8+smshd+nAY0p
+QJpOfp6whz8NMs0ee754bHmk0k1HJwfsXUJe1b1C07IQHZo=
+-----END CERTIFICATE-----

contrib/sslinfo/data/server.crt

+-----BEGIN CERTIFICATE-----
+MIIEyjCCArKgAwIBAgIJANI3fEfqiJWqMA0GCSqGSIb3DQEBCwUAMHYxGTAXBgNV
+BAMMEHJvb3QuZXhhbXBsZS5jb20xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlq
+aW5nMRUwEwYDVQQHDAxSb290TG9jYWxpdHkxFDASBgNVBAoMC1NTTElORk8tZGV2
+MQ0wCwYDVQQLDARUZXN0MB4XDTE5MDMyNTAyMzk1MFoXDTI5MDMyMjAyMzk1MFow
+gYAxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTELMAkGA1UEBhMCQ04xETAP
+BgNVBAgMCFNoYW5naGFpMRcwFQYDVQQHDA5TZXJ2ZXJMb2NhbGl0eTEXMBUGA1UE
+CgwOU1NMSU5GTy1TZXJ2ZXIxDzANBgNVBAsMBlNlcnZlcjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAN+D6B/0RJoPH8Gv9zGGVCxqXOMu4MXIaumetX/R
+la/KrxaFpSkEGIui6iXwTezanKyUZ6Cb4j0IEQZwnITzkchrWawj7xA2cCs25GH2
+UOARPo8V6J5oqy7p8mj/iytApfjllndvDEGqf/YZfd395qZIGv5UfDMB/A9sKch0
+UhwxSxWFHaCwpFU+ZLESE3H8/9yBwGQRZzYd8WyZsOCXK2m9IWGOAp1kH80SQ23F
+GJ7MThWjog76pJ87vfjouAvXaXhwxN36PaMxpx31i5m7epI0Wrvg1SIxeVnIVjw7
+UMGsE/h+Oj0jiPPiynUsPLZ1MCDy85pHvQFUfnFnVQ9fD2kCAwEAAaNQME4wHQYD
+VR0OBBYEFBoUI/bZg3fhCXEcv0iUd/aihrO9MB8GA1UdIwQYMBaAFCsjzZTZ5grS
++Kw/ckXd9qH4R7mCMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABpO
+QRDT+YwOBlA/Nh5A98159zlpyHL7bUep/5v8rprQCWDaZRoxDJhSQ3lLbVzfPolL
+U+1XU3Ur4KitMapn0mRLs9Zso2ezDHhE7Nj2yqj/67H6XAHMc0/4WjUIJoYo0nLU
+oH9HUugMD1B5AKE0CHMKltwKesJoNv0MSr+shaf+y50iTQno5wigc3YIVdxDwgLt
+OW/pRUbcBKGwW9VlBlkaU0TfnWQlkgo9ER57wCp0xYFE1ndzsM6w2bRCxS5YqvHs
+xPN1fq9OVOr0dSH18jPXnWfgFK62YwMxppsEYZXElg237J7+ZElztfLW36ZF2t1v
+8E5r69M0mmbM4R1L3gcCaM/qWbCzitfY1W5ZcQnS6Oiu0EhYgiULPbnH1BEVlzAw
+Gyuav1cztLsxemryg7YvWzW7p3/h/nNdBpQgv8ZHysdrwBOgkD58zQzcqydqjdsZ
+eeAQ0zS3SvxZnjJeGJpd8KT0VoTA1OxEb9VkWHjuZvAxJNej1E0JpLjpV6lzuJz0
+NwH7RvuCI5cfvpICnhSqHtAQsycnMrNXp9F+1Zi0agFZlglrOze4AJSPc2i3maJu
+AJsd+/k972vuKG0W9PuPvprncp3UD/Rc6KGZInW4V1ThpfoAOGsVxL5FfAclKNai
+S3dqBd5vLJlbalFbTpcypxmeq2fUaPE/Xo8ArQAy
+-----END CERTIFICATE-----

contrib/sslinfo/data/server.key

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDfg+gf9ESaDx/B
+r/cxhlQsalzjLuDFyGrpnrV/0ZWvyq8WhaUpBBiLouol8E3s2pyslGegm+I9CBEG
+cJyE85HIa1msI+8QNnArNuRh9lDgET6PFeieaKsu6fJo/4srQKX45ZZ3bwxBqn/2
+GX3d/eamSBr+VHwzAfwPbCnIdFIcMUsVhR2gsKRVPmSxEhNx/P/cgcBkEWc2HfFs
+mbDglytpvSFhjgKdZB/NEkNtxRiezE4Vo6IO+qSfO7346LgL12l4cMTd+j2jMacd
+9YuZu3qSNFq74NUiMXlZyFY8O1DBrBP4fjo9I4jz4sp1LDy2dTAg8vOaR70BVH5x
+Z1UPXw9pAgMBAAECggEAFmn34RxxtLFHkfi/ZSv/TOTto6qTx8GtVvgfY031IMfG
+fw+v3EkY3QfdSyip59KUW4oWSjjXmx8v9eFdEMgMGnkJaQXBd3K+FNdQV7KHsbCJ
+AXhE932vjOjQ8k6N+ixleGwthpSQOhWK93be9F/9vTcF3fNC8SqFyFYkaoGfqkvn
+LVzau0CzfMZ41XKqShca0RMUv2jWeVPI4pzMMLcWiUcxmy+n6Tsp7e5yiU9zTCTy
+ngTYKlr1Ge3vtEDyybbwl2ogMjS/ZADpnFdm/oZAHviBRU8iCEEQWWNaC3fP8FVs
+r/dmOTis2Y0B08P8z0jS6LZdTKbYSRHbdoP6Ph5FwQKBgQDxZBRU9VtOjkLtfaSv
+yPbH5kTf9euXOuoon2VUP9NZyGWrwCiMeRuAOlSyk/3WkkkMcQcmyOdVjR/nVNR/
+x7OxrQtBYpaDTIUBcOteDJSAI7v6+m7WvlW6zUXuVGz3NmUlBdiAYfssuOiqJ/6G
++zVKP2iRmmpEeh6zQ3IYaLZK1QKBgQDtCuAvqD07svZC2drHqZfeNPTR/51nMN6f
+4qQgRQT6SHYKzmCCul4AmgyLaB0WSAYICFotFkZvwb8435LuxlTdaNEx+qbSJgyQ
+l6drLZc3ToEXE4rzCiVDrE6K2n1ZsbWtJAlcWCmGrjS8ZUJBNkcivm7hpfSmfwZA
+Bj9fyHNURQKBgCm5YspMnru1W1wxm4XG9uEWrFEJ8O7zAAaFhr5JSf765JgLXvbo
++Bfx/THg4r90Caxc3R+XGmVvP1R9FT4BBs5vWsKyh9GqKFNXcVeQVRrREm0PXJlB
+zQ+865mGfk88177Og92tEf1o+M5wm045nbx3uVtxlWzArw3NWqtdbiUBAoGBAIQp
+mC16JAnxEhTb2nuQNziRVh7v4hbyzG1gtBm54biaRhZoUq8QsfCr82qWtgECTzqT
+TZPt43/UCoXvQcEXm6GHG3w+QFzTEhZcN+AuHy2a+6aeIs63TWeZ3oDUqSclSiIr
+AX0XOq/42TZhTruFQ8w/WRs+qFVcZWO1GAiTfpnxAoGAL1OM25AufgJJd7GS72Yp
+hMMtx17PoknmehwxhEchfA0wphIhn9ScwPyJy6m4O6wxKEptnXFWE19xBbXJO0Pt
+Mr3HHhuqa/dgH7dqalbfubuydgxUkScvM9PI5KzqfcKDifkklBZTnWr6eMXbttam
+zk4WNpEluaYe5SG4EBNjmSQ=
+-----END PRIVATE KEY-----

contrib/sslinfo/expected/sslinfo.out

+\! bash config.bash prepare
+Enable SSL in postgresql.conf with master only...
+preparing CRTs and KEYs
+-- start_ignore
+-- end_ignore
+\! echo "gpstop begin ret = $?"
+gpstop begin ret = 0
+\c - - localhost
+CREATE EXTENSION sslinfo;
+SELECT ssl_is_used();
+ ssl_is_used 
+-------------
+ t
+(1 row)
+
+SELECT ssl_version() IS NOT NULL AS version_ok;
+ version_ok 
+------------
+ t
+(1 row)
+
+SELECT ssl_cipher() IS NOT NULL AS cipher_ok;
+ cipher_ok 
+-----------
+ t
+(1 row)
+
+SELECT ssl_client_cert_present();
+ ssl_client_cert_present 
+-------------------------
+ t
+(1 row)
+
+SELECT ssl_client_serial();
+  ssl_client_serial   
+----------------------
+ 15147712520003294635
+(1 row)
+
+SELECT ssl_client_dn();
+                                   ssl_client_dn                                    
+------------------------------------------------------------------------------------
+ /CN=client.example.com/C=CN/ST=Qingdao/L=ClientLocality/O=SSLINFO-Client/OU=Client
+(1 row)
+
+SELECT ssl_issuer_dn();
+                               ssl_issuer_dn                               
+---------------------------------------------------------------------------
+ /CN=root.example.com/C=CN/ST=Beijing/L=RootLocality/O=SSLINFO-dev/OU=Test
+(1 row)
+
+SELECT ssl_client_dn_field('CN') AS client_dn_CN;
+    client_dn_cn    
+--------------------
+ client.example.com
+(1 row)
+
+SELECT ssl_client_dn_field('C') AS client_dn_C;
+ client_dn_c 
+-------------
+ CN
+(1 row)
+
+SELECT ssl_client_dn_field('ST') AS client_dn_ST;
+ client_dn_st 
+--------------
+ Qingdao
+(1 row)
+
+SELECT ssl_client_dn_field('L') AS client_dn_L;
+  client_dn_l   
+----------------
+ ClientLocality
+(1 row)
+
+SELECT ssl_client_dn_field('O') AS client_dn_O;
+  client_dn_o   
+----------------
+ SSLINFO-Client
+(1 row)
+
+SELECT ssl_client_dn_field('OU') AS client_dn_OU;
+ client_dn_ou 
+--------------
+ Client
+(1 row)
+
+SELECT ssl_issuer_field('CN') AS issuer_CN;
+    issuer_cn     
+------------------
+ root.example.com
+(1 row)
+
+SELECT ssl_issuer_field('C') AS issuer_C;
+ issuer_c 
+----------
+ CN
+(1 row)
+
+SELECT ssl_issuer_field('ST') AS issuer_ST;
+ issuer_st 
+-----------
+ Beijing
+(1 row)
+
+SELECT ssl_issuer_field('L') AS issuer_L;
+   issuer_l   
+--------------
+ RootLocality
+(1 row)
+
+SELECT ssl_issuer_field('O') AS issuer_O;
+  issuer_o   
+-------------
+ SSLINFO-dev
+(1 row)
+
+SELECT ssl_issuer_field('OU') AS issuer_OU;
+ issuer_ou 
+-----------
+ Test
+(1 row)
+
+DROP EXTENSION sslinfo;
+\! bash config.bash clean
+restore SSL in postgresql.conf with master only
+-- start_ignore
+-- end_ignore
+\! echo "gpstop end ret = $?"
+gpstop end ret = 0

contrib/sslinfo/sql/sslinfo.sql

+\! bash config.bash prepare
+-- start_ignore
+\! gpstop -arf
+-- end_ignore
+\! echo "gpstop begin ret = $?"
+
+\c - - localhost
+
+CREATE EXTENSION sslinfo;
+
+SELECT ssl_is_used();
+SELECT ssl_version() IS NOT NULL AS version_ok;
+SELECT ssl_cipher() IS NOT NULL AS cipher_ok;
+SELECT ssl_client_cert_present();
+SELECT ssl_client_serial();
+SELECT ssl_client_dn();
+SELECT ssl_issuer_dn();
+SELECT ssl_client_dn_field('CN') AS client_dn_CN;
+SELECT ssl_client_dn_field('C') AS client_dn_C;
+SELECT ssl_client_dn_field('ST') AS client_dn_ST;
+SELECT ssl_client_dn_field('L') AS client_dn_L;
+SELECT ssl_client_dn_field('O') AS client_dn_O;
+SELECT ssl_client_dn_field('OU') AS client_dn_OU;
+SELECT ssl_issuer_field('CN') AS issuer_CN;
+SELECT ssl_issuer_field('C') AS issuer_C;
+SELECT ssl_issuer_field('ST') AS issuer_ST;
+SELECT ssl_issuer_field('L') AS issuer_L;
+SELECT ssl_issuer_field('O') AS issuer_O;
+SELECT ssl_issuer_field('OU') AS issuer_OU;
+
+DROP EXTENSION sslinfo;
+
+\! bash config.bash clean
+-- start_ignore
+\! gpstop -arf
+-- end_ignore
+\! echo "gpstop end ret = $?"