From 82e8917f555dc85fef278f81cd09f6d09442c684 Mon Sep 17 00:00:00 2001
From: Hao Wu <hawu@pivotal.io>
Date: Wed, 20 Mar 2019 09:21:37 +0000
Subject: [PATCH] Add certificates & keys and test cases for contrib/sslinfo

---
 contrib/sslinfo/Makefile             |   3 +
 contrib/sslinfo/config.bash          |  44 ++++++++++++
 contrib/sslinfo/data/postgresql.crt  |  28 ++++++++
 contrib/sslinfo/data/postgresql.key  |  28 ++++++++
 contrib/sslinfo/data/root.crt        |  33 +++++++++
 contrib/sslinfo/data/server.crt      |  28 ++++++++
 contrib/sslinfo/data/server.key      |  28 ++++++++
 contrib/sslinfo/expected/sslinfo.out | 136 +++++++++++++++++++++++++++++++++++
 contrib/sslinfo/sql/sslinfo.sql      |  38 ++++++++++
 9 files changed, 366 insertions(+)
 create mode 100644 contrib/sslinfo/config.bash
 create mode 100644 contrib/sslinfo/data/postgresql.crt
 create mode 100644 contrib/sslinfo/data/postgresql.key
 create mode 100644 contrib/sslinfo/data/root.crt
 create mode 100644 contrib/sslinfo/data/server.crt
 create mode 100644 contrib/sslinfo/data/server.key
 create mode 100644 contrib/sslinfo/expected/sslinfo.out
 create mode 100644 contrib/sslinfo/sql/sslinfo.sql

diff --git a/contrib/sslinfo/Makefile b/contrib/sslinfo/Makefile
index 5a972db703..c416eba53f 100644
--- a/contrib/sslinfo/Makefile
+++ b/contrib/sslinfo/Makefile
@@ -8,6 +8,9 @@ DATA = sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql \
 	sslinfo--unpackaged--1.0.sql
 PGFILEDESC = "sslinfo - information about client SSL certificate"
 
+REGRESS = sslinfo
+REGRESS_OPT = --temp-config=$(top_srcdir)/contrib/sslinfo/sslinfo.conf
+
 ifdef USE_PGXS
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)
diff --git a/contrib/sslinfo/config.bash b/contrib/sslinfo/config.bash
new file mode 100644
index 0000000000..1bc90e7e8d
--- /dev/null
+++ b/contrib/sslinfo/config.bash
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+function sslinfo_prepare() {
+
+echo "#BEGIN SSLINFO CONF : BEGIN ANCHOR##" >> $PGDATA/postgresql.conf
+echo "ssl=on" >> $PGDATA/postgresql.conf
+echo "ssl_ciphers='HIGH:MEDIUM:+3DES:!aNULL'" >> $PGDATA/postgresql.conf
+echo "ssl_cert_file='server.crt'" >> $PGDATA/postgresql.conf
+echo "ssl_key_file='server.key'" >> $PGDATA/postgresql.conf
+echo "ssl_ca_file='root.crt'" >> $PGDATA/postgresql.conf
+echo "#END SSLINFO CONF : END ANCHOR##" >> $PGDATA/postgresql.conf
+
+echo "preparing CRTs and KEYs"
+cp -f data/root.crt   $PGDATA/
+cp -f data/server.crt $PGDATA/
+cp -f data/server.key $PGDATA/
+chmod 400 $PGDATA/server.key
+chmod 644 $PGDATA/server.crt
+chmod 644 $PGDATA/root.crt
+
+mkdir -p ~/.postgresql
+cp -f data/root.crt         ~/.postgresql/
+cp -f data/postgresql.crt   ~/.postgresql/
+cp -f data/postgresql.key   ~/.postgresql/
+chmod 400 ~/.postgresql/postgresql.key
+chmod 644 ~/.postgresql/postgresql.crt
+chmod 644 ~/.postgresql/root.crt
+}
+
+function sslinfo_clean() {
+sed -i '/#BEGIN SSLINFO CONF : BEGIN ANCHOR##/,/#END SSLINFO CONF : END ANCHOR##/d' $PGDATA/postgresql.conf
+}
+
+case "$1" in
+prepare)
+    sslinfo_prepare
+    ;;
+clean)
+    sslinfo_clean
+    ;;
+*)
+    echo "$0 { prepare | clean }"
+    exit 1
+esac
diff --git a/contrib/sslinfo/data/postgresql.crt b/contrib/sslinfo/data/postgresql.crt
new file mode 100644
index 0000000000..2669eab9f0
--- /dev/null
+++ b/contrib/sslinfo/data/postgresql.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEyDCCArCgAwIBAgIJANI3fEfqiJWrMA0GCSqGSIb3DQEBCwUAMHYxGTAXBgNV
+BAMMEHJvb3QuZXhhbXBsZS5jb20xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlq
+aW5nMRUwEwYDVQQHDAxSb290TG9jYWxpdHkxFDASBgNVBAoMC1NTTElORk8tZGV2
+MQ0wCwYDVQQLDARUZXN0MB4XDTE5MDMyNTAyMzk1MFoXDTI5MDMyMjAyMzk1MFow
+fzEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUuY29tMQswCQYDVQQGEwJDTjEQMA4G
+A1UECAwHUWluZ2RhbzEXMBUGA1UEBwwOQ2xpZW50TG9jYWxpdHkxFzAVBgNVBAoM
+DlNTTElORk8tQ2xpZW50MQ8wDQYDVQQLDAZDbGllbnQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC/yRHtprgZEOSzfyzie6wWnCoc0RkhzIeHR0+i0p1A
+vZamxGMb2NwlphoZV3/eXYjb1ocVCqnfiUkPjFQClVOmhyRV3qs9qvRq3kx2wHSP
+1EfCwX+P7u0F0cOEbTjkfzaUmDr/f6jHl/GwOogQF2ws8tITLdVWjudQfoY7tXsC
+kRc5NqARFY0R6xV6AoQU8OqTXHUkZoAE9CZu93f5DQ6t+on9dYP3tT/kOZLcngnV
+hqCvKrNJQyryjqT0pQqlMEhA7f8CvztBVtP+t3lKOLCe8+6ZTZmn8iKgqab7tMNE
+SAZr985ftamNVDJ9m0vJkRCc6dTVxDt6u4titanL/p35AgMBAAGjUDBOMB0GA1Ud
+DgQWBBQGLZpXzMeD/NF/B2jWCXrocq/3XDAfBgNVHSMEGDAWgBQrI82U2eYK0vis
+P3JF3fah+Ee5gjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCULD4Z
+5MBu6axs0aly0mITsN/wYm5yUd09oqsetKNUmn7Ki9Ut0uVlb5fRUVm+EfOtVgQV
+UJ3Xv78b3DD12b6AkcF9Kaw09uPo74Bv4hpXhWK/3i55Jdx4RvgQq/kjEXLnZqmK
+8vU97TgnnkAIBHlA3VMO35wPVlVXwARnrBuJuk2afWfCxlm0L7CqtrsEHphhUD1M
+OJ3heLikKs5LwLaRmxtznYWeEU47f8YgIrc9MmHiWDqgjBS/he4zVz04nnxiK4qR
+L35gMTacE/jRczB1TQeJX0IVIwWIN2yCZhvxQuWDa4fq/NfCORRwm3SBzEbmvV5/
+U+s/6KTEXkBaBexFXu4X2tCfyByhRy0/6U0CbLbAPYgZQfKKTtFdVDWo14slHrxx
+730WByfHePeZgTCKpobRSSvRxD6ihQICrLerMzUClR8762uIg2OLbpHiF6k4D/gX
+EOP1UwxD6IDX8jlJRICHO9HxpuXxr7v+CMihxUvQ/cPLyPiPZ8bDWJcDkUSkDo9Q
+lXyDS9cjrhr3fVoYnUV92F4/LKyxof7lnCy+rXrR2IZM75d6Co6MmcEkXBrEnLW1
+XTyewRByxwuWJ69vM9GDhTR2Gsi7RZbXfkLUnbaqIhwOeRDnT1ubaNHF09dytbXM
+DU5ToLhzZZcrrCD1TZGZ0zecLyVfIZ2YGcCmMg==
+-----END CERTIFICATE-----
diff --git a/contrib/sslinfo/data/postgresql.key b/contrib/sslinfo/data/postgresql.key
new file mode 100644
index 0000000000..afec51fff2
--- /dev/null
+++ b/contrib/sslinfo/data/postgresql.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/yRHtprgZEOSz
+fyzie6wWnCoc0RkhzIeHR0+i0p1AvZamxGMb2NwlphoZV3/eXYjb1ocVCqnfiUkP
+jFQClVOmhyRV3qs9qvRq3kx2wHSP1EfCwX+P7u0F0cOEbTjkfzaUmDr/f6jHl/Gw
+OogQF2ws8tITLdVWjudQfoY7tXsCkRc5NqARFY0R6xV6AoQU8OqTXHUkZoAE9CZu
+93f5DQ6t+on9dYP3tT/kOZLcngnVhqCvKrNJQyryjqT0pQqlMEhA7f8CvztBVtP+
+t3lKOLCe8+6ZTZmn8iKgqab7tMNESAZr985ftamNVDJ9m0vJkRCc6dTVxDt6u4ti
+tanL/p35AgMBAAECggEBAJWd0A29bYuogTKC+UoqvwLYi4X1ngyfGe/wMvFMK3+R
+KBErzkGwOXZpkZzJhSi9gYI3ZySEMCgCWuv1RqjJQ/v7G96dmqu+TXV9vNs7ovN9
+4QnPmKt58pECpuwNpT+k+riL1iLyvYIQSG16DCG5lBuwxzBNJkyjqVNDkYbNOoyx
+tVwiXv6kVWbwtHye52xw6CyUQVBiKzV9YPiCDvS9Hinf16gzubuyQxr5p8/Ty4De
+etT3u1WJ1NvPolrpLYtdS4+wSolJ27zSpt5Bhu8H7sZGZ7Rs6pa90AchYxCSAKzj
+6FJzo6gGMOgwrH+qV/buTBgMTX74SI9dFsiSg6laujECgYEA/LccG+1tiDgZcN50
+zdKAvrUQ9rWfcyh0xe0mTR/hti1KXg0u0Zh/sMcUWSlFEICY9UAPJTSv0Ztgm2lY
+t9gN9Pz9fqVTJIlIstBJMC/iQ2sG2/7cX+INGgOSFZTesRVPG5PTEApXbtveP56W
+tOPodFTwJff+lz9eBeDlZYVppo0CgYEAwkc4kYDWaO1bMm2fAaKg8BSmdtBMlnG2
+Xjq7BgMGDEtIMNNIbK95QvWGbhfFz/6XI0XLwTT4j7Hgbkj4jT3uQurLCCkgLOWt
+pMJqMZtJgQ4bMtM4WsG7UgDpjSfmsYlF7lzO0MBchGV5eGUUcaM6RJ1LhFv88+b6
+DIgCyZ3RwB0CgYEAwpXDgQV6Fy8K98tyKKDzHOSSYURLuAHomBYYLb5krz+ESZLg
+/+XqPBWt51FNqn06SWy/vKgq0LxQ0Jl3BGfJp1+9WGy37iP+5CBYmk/kaoDYUUCW
+MwX9jJA/RXrRVYzQ0q0qEOnFlMibAmV8KWBrNlfIaZPgZlkWbnRSba8iQGkCgYAD
+7YayQmWTV4EpgtfdI5mXYQOAkXOK8x+Zxhwz4enEY91Ax3TGZcHQ3b/rB+YC74XE
+u8uDy3tfBFyiPi1wRZlElxSlxJcW8UnSc+/LsvUIe+2G2IhiJVqRLN2L8guS+VCF
+ojC4PbthHeAX1AtWxNMPwhJdybJSiA/0IufThbJQ7QKBgEsiIAtuYVVHNK5dhW5A
+5kihuBKRXjdOduLkL2FZab+PoNdJF6gw2LAq6s3RtLcl3u5kG+t/L7sHDuqflA/6
+CXT8Zwf5J4yfuFezZg+NKK/VI4x+nZJymioY/GOyoX7KgjICLHyyZ0gVGu0XSHkL
+OxqlBnUO8Jq7NxnJq6yVuEu9
+-----END PRIVATE KEY-----
diff --git a/contrib/sslinfo/data/root.crt b/contrib/sslinfo/data/root.crt
new file mode 100644
index 0000000000..750b31bbed
--- /dev/null
+++ b/contrib/sslinfo/data/root.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFvzCCA6egAwIBAgIJAN1mnmY6kmCfMA0GCSqGSIb3DQEBCwUAMHYxGTAXBgNV
+BAMMEHJvb3QuZXhhbXBsZS5jb20xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlq
+aW5nMRUwEwYDVQQHDAxSb290TG9jYWxpdHkxFDASBgNVBAoMC1NTTElORk8tZGV2
+MQ0wCwYDVQQLDARUZXN0MB4XDTE5MDMyNTAyMzk1MFoXDTI5MDMyNzAyMzk1MFow
+djEZMBcGA1UEAwwQcm9vdC5leGFtcGxlLmNvbTELMAkGA1UEBhMCQ04xEDAOBgNV
+BAgMB0JlaWppbmcxFTATBgNVBAcMDFJvb3RMb2NhbGl0eTEUMBIGA1UECgwLU1NM
+SU5GTy1kZXYxDTALBgNVBAsMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDXWqhDEJH8qNxycPFM0ovhLWnktASG3dbklpaLCXOGKlTbbxjaJzbh
+3C+iBPOKqsPLZya3SgOnuOQr/WkM34gPBMtjqzBudQS1/+HD7r13/I9Nc4Sn7l3Y
+6KMVJ9JnyWmzp8bPSGV+3Jb4R/Cujkz+d8e9MhBL67x1yz+aQ3Z7gdiCKvDe6TS5
+hY4S4RvXuZ4FMw9nZSb2BH6UIkLs9aYnuiX0DCUasYEsOi1RhQI0m6OWjNU44zvQ
+yHou6hLUe/RfW2tzKSXByyiqTVYQnsC68awxs535n9etM6YJg13BV69+tQCIV4Z0
+RSbZfWdRYK6kHiAa2zYMl+LEP2ybE5LCbsGBOlUj6JgddFmrXFVGhK44GFVxDHlV
+78KImkbhN5Z/NEcY6exHoBnTgupJy5JgYIEhufgDGp2Mm59xLS9pjWYSZO+e5LXf
+sHUDQJQe+kyBTawbUP8KlCsIZNQfIQa5b3RjNRtOL4CtH4d1Mv9z/rNJ8NszsZBt
+BmY66HloKzYS2ljzecaiHLkSfNBSqidRtlFKYgAndVUgsvRs5K0Ok8nYDtzmMyXT
+K+GZ9EcozEI1QTM7oXYL/hcJqqgLeJYGMVxs02Ltf7UY/eaIlQAJ5cp9IvTFdA4V
+nQH9cnfgRThduxZCnaRbXIyz/4fWjd7xnn4J/jFzlfYUktKxNfDnwwIDAQABo1Aw
+TjAdBgNVHQ4EFgQUKyPNlNnmCtL4rD9yRd32ofhHuYIwHwYDVR0jBBgwFoAUKyPN
+lNnmCtL4rD9yRd32ofhHuYIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AgEAZ6LdR4cBVavj/uDMUqH1LWyyhTBUBkzrqbQXpUeBECdxJMU6jmsWRkEd5A+8
+Tv8Cez0y8Wio4RcBl/YFSR9pHdWsVqCOwXUShcba2sMX+12SAxXplnIV3vqWlm2g
+nV5auO3kkI2rPDMD2qxoRswKOeJi3l/aThY6AfYIEeXqaj+fSoWVxrkYphgCvFF5
+aFSQYLRvtfw0ixPC1gklNFEnGzsLgiSxybaVXpv470Yp9seR6OFLlCqu+cYY+Z2G
+JfMc3IwYN3MKPJ6r7hr0p7L9qiYawbZ21rnuVoY+9gRTFKK/GVEAzgLB9T1jI4lC
+M3867dP7VmpVJOgrsXV93+/uzwjji2ktpuohFls+P499cDrebtDeIwGVqlahrVE8
+ryFVRoxBiz/8rWBxkaezkzx7EyHiZG0x7EH28XBrFsQsBCqpn62PD0bAXn5vxWgU
+Q+O/KqwK0Nb+aWmYVv3qQ77Dd3+vwl2gJxozQgO/aD4BVDrE0aguejXoBTGpl+3c
+6p3JeUXC5nSQRAYJByHe2aLJ7oU2QNioOOVQwwhwi+Qdx6jxouUQFlSAVQQ6kh7p
+Kb7ZzdPmLGoeecQj2SncZ2mbV6iEoufYhIzynC/uTegjiDkRHnq8+smshd+nAY0p
+QJpOfp6whz8NMs0ee754bHmk0k1HJwfsXUJe1b1C07IQHZo=
+-----END CERTIFICATE-----
diff --git a/contrib/sslinfo/data/server.crt b/contrib/sslinfo/data/server.crt
new file mode 100644
index 0000000000..cd36aedb41
--- /dev/null
+++ b/contrib/sslinfo/data/server.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEyjCCArKgAwIBAgIJANI3fEfqiJWqMA0GCSqGSIb3DQEBCwUAMHYxGTAXBgNV
+BAMMEHJvb3QuZXhhbXBsZS5jb20xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlq
+aW5nMRUwEwYDVQQHDAxSb290TG9jYWxpdHkxFDASBgNVBAoMC1NTTElORk8tZGV2
+MQ0wCwYDVQQLDARUZXN0MB4XDTE5MDMyNTAyMzk1MFoXDTI5MDMyMjAyMzk1MFow
+gYAxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTELMAkGA1UEBhMCQ04xETAP
+BgNVBAgMCFNoYW5naGFpMRcwFQYDVQQHDA5TZXJ2ZXJMb2NhbGl0eTEXMBUGA1UE
+CgwOU1NMSU5GTy1TZXJ2ZXIxDzANBgNVBAsMBlNlcnZlcjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAN+D6B/0RJoPH8Gv9zGGVCxqXOMu4MXIaumetX/R
+la/KrxaFpSkEGIui6iXwTezanKyUZ6Cb4j0IEQZwnITzkchrWawj7xA2cCs25GH2
+UOARPo8V6J5oqy7p8mj/iytApfjllndvDEGqf/YZfd395qZIGv5UfDMB/A9sKch0
+UhwxSxWFHaCwpFU+ZLESE3H8/9yBwGQRZzYd8WyZsOCXK2m9IWGOAp1kH80SQ23F
+GJ7MThWjog76pJ87vfjouAvXaXhwxN36PaMxpx31i5m7epI0Wrvg1SIxeVnIVjw7
+UMGsE/h+Oj0jiPPiynUsPLZ1MCDy85pHvQFUfnFnVQ9fD2kCAwEAAaNQME4wHQYD
+VR0OBBYEFBoUI/bZg3fhCXEcv0iUd/aihrO9MB8GA1UdIwQYMBaAFCsjzZTZ5grS
++Kw/ckXd9qH4R7mCMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABpO
+QRDT+YwOBlA/Nh5A98159zlpyHL7bUep/5v8rprQCWDaZRoxDJhSQ3lLbVzfPolL
+U+1XU3Ur4KitMapn0mRLs9Zso2ezDHhE7Nj2yqj/67H6XAHMc0/4WjUIJoYo0nLU
+oH9HUugMD1B5AKE0CHMKltwKesJoNv0MSr+shaf+y50iTQno5wigc3YIVdxDwgLt
+OW/pRUbcBKGwW9VlBlkaU0TfnWQlkgo9ER57wCp0xYFE1ndzsM6w2bRCxS5YqvHs
+xPN1fq9OVOr0dSH18jPXnWfgFK62YwMxppsEYZXElg237J7+ZElztfLW36ZF2t1v
+8E5r69M0mmbM4R1L3gcCaM/qWbCzitfY1W5ZcQnS6Oiu0EhYgiULPbnH1BEVlzAw
+Gyuav1cztLsxemryg7YvWzW7p3/h/nNdBpQgv8ZHysdrwBOgkD58zQzcqydqjdsZ
+eeAQ0zS3SvxZnjJeGJpd8KT0VoTA1OxEb9VkWHjuZvAxJNej1E0JpLjpV6lzuJz0
+NwH7RvuCI5cfvpICnhSqHtAQsycnMrNXp9F+1Zi0agFZlglrOze4AJSPc2i3maJu
+AJsd+/k972vuKG0W9PuPvprncp3UD/Rc6KGZInW4V1ThpfoAOGsVxL5FfAclKNai
+S3dqBd5vLJlbalFbTpcypxmeq2fUaPE/Xo8ArQAy
+-----END CERTIFICATE-----
diff --git a/contrib/sslinfo/data/server.key b/contrib/sslinfo/data/server.key
new file mode 100644
index 0000000000..642962f860
--- /dev/null
+++ b/contrib/sslinfo/data/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDfg+gf9ESaDx/B
+r/cxhlQsalzjLuDFyGrpnrV/0ZWvyq8WhaUpBBiLouol8E3s2pyslGegm+I9CBEG
+cJyE85HIa1msI+8QNnArNuRh9lDgET6PFeieaKsu6fJo/4srQKX45ZZ3bwxBqn/2
+GX3d/eamSBr+VHwzAfwPbCnIdFIcMUsVhR2gsKRVPmSxEhNx/P/cgcBkEWc2HfFs
+mbDglytpvSFhjgKdZB/NEkNtxRiezE4Vo6IO+qSfO7346LgL12l4cMTd+j2jMacd
+9YuZu3qSNFq74NUiMXlZyFY8O1DBrBP4fjo9I4jz4sp1LDy2dTAg8vOaR70BVH5x
+Z1UPXw9pAgMBAAECggEAFmn34RxxtLFHkfi/ZSv/TOTto6qTx8GtVvgfY031IMfG
+fw+v3EkY3QfdSyip59KUW4oWSjjXmx8v9eFdEMgMGnkJaQXBd3K+FNdQV7KHsbCJ
+AXhE932vjOjQ8k6N+ixleGwthpSQOhWK93be9F/9vTcF3fNC8SqFyFYkaoGfqkvn
+LVzau0CzfMZ41XKqShca0RMUv2jWeVPI4pzMMLcWiUcxmy+n6Tsp7e5yiU9zTCTy
+ngTYKlr1Ge3vtEDyybbwl2ogMjS/ZADpnFdm/oZAHviBRU8iCEEQWWNaC3fP8FVs
+r/dmOTis2Y0B08P8z0jS6LZdTKbYSRHbdoP6Ph5FwQKBgQDxZBRU9VtOjkLtfaSv
+yPbH5kTf9euXOuoon2VUP9NZyGWrwCiMeRuAOlSyk/3WkkkMcQcmyOdVjR/nVNR/
+x7OxrQtBYpaDTIUBcOteDJSAI7v6+m7WvlW6zUXuVGz3NmUlBdiAYfssuOiqJ/6G
++zVKP2iRmmpEeh6zQ3IYaLZK1QKBgQDtCuAvqD07svZC2drHqZfeNPTR/51nMN6f
+4qQgRQT6SHYKzmCCul4AmgyLaB0WSAYICFotFkZvwb8435LuxlTdaNEx+qbSJgyQ
+l6drLZc3ToEXE4rzCiVDrE6K2n1ZsbWtJAlcWCmGrjS8ZUJBNkcivm7hpfSmfwZA
+Bj9fyHNURQKBgCm5YspMnru1W1wxm4XG9uEWrFEJ8O7zAAaFhr5JSf765JgLXvbo
++Bfx/THg4r90Caxc3R+XGmVvP1R9FT4BBs5vWsKyh9GqKFNXcVeQVRrREm0PXJlB
+zQ+865mGfk88177Og92tEf1o+M5wm045nbx3uVtxlWzArw3NWqtdbiUBAoGBAIQp
+mC16JAnxEhTb2nuQNziRVh7v4hbyzG1gtBm54biaRhZoUq8QsfCr82qWtgECTzqT
+TZPt43/UCoXvQcEXm6GHG3w+QFzTEhZcN+AuHy2a+6aeIs63TWeZ3oDUqSclSiIr
+AX0XOq/42TZhTruFQ8w/WRs+qFVcZWO1GAiTfpnxAoGAL1OM25AufgJJd7GS72Yp
+hMMtx17PoknmehwxhEchfA0wphIhn9ScwPyJy6m4O6wxKEptnXFWE19xBbXJO0Pt
+Mr3HHhuqa/dgH7dqalbfubuydgxUkScvM9PI5KzqfcKDifkklBZTnWr6eMXbttam
+zk4WNpEluaYe5SG4EBNjmSQ=
+-----END PRIVATE KEY-----
diff --git a/contrib/sslinfo/expected/sslinfo.out b/contrib/sslinfo/expected/sslinfo.out
new file mode 100644
index 0000000000..fbc1782615
--- /dev/null
+++ b/contrib/sslinfo/expected/sslinfo.out
@@ -0,0 +1,136 @@
+\! bash config.bash prepare
+preparing CRTs and KEYs
+-- start_ignore
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
+restart code = 0
+\c - - localhost
+CREATE EXTENSION sslinfo;
+SHOW ssl;
+ ssl 
+-----
+ on
+(1 row)
+
+SELECT ssl_is_used();
+ ssl_is_used 
+-------------
+ t
+(1 row)
+
+SELECT ssl_version();
+ ssl_version 
+-------------
+ TLSv1.2
+(1 row)
+
+SELECT ssl_cipher();
+         ssl_cipher          
+-----------------------------
+ ECDHE-RSA-AES256-GCM-SHA384
+(1 row)
+
+SELECT ssl_client_cert_present();
+ ssl_client_cert_present 
+-------------------------
+ t
+(1 row)
+
+SELECT ssl_client_serial();
+  ssl_client_serial   
+----------------------
+ 15147712520003294635
+(1 row)
+
+SELECT ssl_client_dn();
+                                   ssl_client_dn                                    
+------------------------------------------------------------------------------------
+ /CN=client.example.com/C=CN/ST=Qingdao/L=ClientLocality/O=SSLINFO-Client/OU=Client
+(1 row)
+
+SELECT ssl_issuer_dn();
+                               ssl_issuer_dn                               
+---------------------------------------------------------------------------
+ /CN=root.example.com/C=CN/ST=Beijing/L=RootLocality/O=SSLINFO-dev/OU=Test
+(1 row)
+
+SELECT ssl_client_dn_field('CN') AS client_dn_CN;
+    client_dn_cn    
+--------------------
+ client.example.com
+(1 row)
+
+SELECT ssl_client_dn_field('C') AS client_dn_C;
+ client_dn_c 
+-------------
+ CN
+(1 row)
+
+SELECT ssl_client_dn_field('ST') AS client_dn_ST;
+ client_dn_st 
+--------------
+ Qingdao
+(1 row)
+
+SELECT ssl_client_dn_field('L') AS client_dn_L;
+  client_dn_l   
+----------------
+ ClientLocality
+(1 row)
+
+SELECT ssl_client_dn_field('O') AS client_dn_O;
+  client_dn_o   
+----------------
+ SSLINFO-Client
+(1 row)
+
+SELECT ssl_client_dn_field('OU') AS client_dn_OU;
+ client_dn_ou 
+--------------
+ Client
+(1 row)
+
+SELECT ssl_issuer_field('CN') AS issuer_CN;
+    issuer_cn     
+------------------
+ root.example.com
+(1 row)
+
+SELECT ssl_issuer_field('C') AS issuer_C;
+ issuer_c 
+----------
+ CN
+(1 row)
+
+SELECT ssl_issuer_field('ST') AS issuer_ST;
+ issuer_st 
+-----------
+ Beijing
+(1 row)
+
+SELECT ssl_issuer_field('L') AS issuer_L;
+   issuer_l   
+--------------
+ RootLocality
+(1 row)
+
+SELECT ssl_issuer_field('O') AS issuer_O;
+  issuer_o   
+-------------
+ SSLINFO-dev
+(1 row)
+
+SELECT ssl_issuer_field('OU') AS issuer_OU;
+ issuer_ou 
+-----------
+ Test
+(1 row)
+
+DROP EXTENSION sslinfo;
+-- start_ignore
+\! bash config.bash clean
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
+restart code = 0
diff --git a/contrib/sslinfo/sql/sslinfo.sql b/contrib/sslinfo/sql/sslinfo.sql
new file mode 100644
index 0000000000..86a2a55b0e
--- /dev/null
+++ b/contrib/sslinfo/sql/sslinfo.sql
@@ -0,0 +1,38 @@
+\! bash config.bash prepare
+-- start_ignore
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
+
+\c - - localhost
+
+CREATE EXTENSION sslinfo;
+
+SHOW ssl;
+SELECT ssl_is_used();
+SELECT ssl_version();
+SELECT ssl_cipher();
+SELECT ssl_client_cert_present();
+SELECT ssl_client_serial();
+SELECT ssl_client_dn();
+SELECT ssl_issuer_dn();
+SELECT ssl_client_dn_field('CN') AS client_dn_CN;
+SELECT ssl_client_dn_field('C') AS client_dn_C;
+SELECT ssl_client_dn_field('ST') AS client_dn_ST;
+SELECT ssl_client_dn_field('L') AS client_dn_L;
+SELECT ssl_client_dn_field('O') AS client_dn_O;
+SELECT ssl_client_dn_field('OU') AS client_dn_OU;
+SELECT ssl_issuer_field('CN') AS issuer_CN;
+SELECT ssl_issuer_field('C') AS issuer_C;
+SELECT ssl_issuer_field('ST') AS issuer_ST;
+SELECT ssl_issuer_field('L') AS issuer_L;
+SELECT ssl_issuer_field('O') AS issuer_O;
+SELECT ssl_issuer_field('OU') AS issuer_OU;
+
+DROP EXTENSION sslinfo;
+
+-- start_ignore
+\! bash config.bash clean
+\! pg_ctl restart 2>&1 >/dev/null
+-- end_ignore
+\! echo "restart code = $?"
-- 
2.16.1