Revert "Add notBefore and notAfter to SSL cert info display"

Due to an oversight in reviewing, this used functionality not compatible with old versions of OpenSSL. This reverts commit 75ec5e7bec700577d39d653c316e3ae6c505842c.
2023-07-20 17:18:12 +02:00 · 2023-07-20 17:18:12 +02:00 · 29a0ccbce9
commit 29a0ccbce9
parent 75ec5e7bec
18 changed files with 33 additions and 246 deletions
--- a/contrib/sslinfo/Makefile
+++ b/contrib/sslinfo/Makefile
@ -6,7 +6,7 @@ OBJS = \
 	sslinfo.o
 EXTENSION = sslinfo
-DATA = sslinfo--1.2--1.3.sql sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql
+DATA = sslinfo--1.2.sql sslinfo--1.1--1.2.sql sslinfo--1.0--1.1.sql
 PGFILEDESC = "sslinfo - information about client SSL certificate"
 ifdef USE_PGXS
--- a/contrib/sslinfo/meson.build
+++ b/contrib/sslinfo/meson.build
@ -26,7 +26,6 @@ install_data(
  'sslinfo--1.0--1.1.sql',
  'sslinfo--1.1--1.2.sql',
  'sslinfo--1.2.sql',
  'sslinfo--1.2--1.3.sql',
  'sslinfo.control',
  kwargs: contrib_data_args,
 )
--- a/contrib/sslinfo/sslinfo--1.2--1.3.sql
+++ b/contrib/sslinfo/sslinfo--1.2--1.3.sql
@ -1,12 +0,0 @@
 /* contrib/sslinfo/sslinfo--1.2--1.3.sql */
 -- complain if script is sourced in psql, rather than via CREATE EXTENSION
 \echo Use "CREATE EXTENSION sslinfo" to load this file. \quit
 CREATE FUNCTION ssl_client_get_notbefore() RETURNS timestamp
 AS 'MODULE_PATHNAME', 'ssl_client_get_notbefore'
 LANGUAGE C STRICT PARALLEL RESTRICTED;
 CREATE FUNCTION ssl_client_get_notafter() RETURNS timestamp
 AS 'MODULE_PATHNAME', 'ssl_client_get_notafter'
 LANGUAGE C STRICT PARALLEL RESTRICTED;
--- a/contrib/sslinfo/sslinfo.c
+++ b/contrib/sslinfo/sslinfo.c
@ -18,7 +18,6 @@
 #include "libpq/libpq-be.h"
 #include "miscadmin.h"
 #include "utils/builtins.h"
 #include "utils/timestamp.h"
 /*
 * On Windows, <wincrypt.h> includes a #define for X509_NAME, which breaks our
@ -35,7 +34,6 @@ PG_MODULE_MAGIC;
 static Datum X509_NAME_field_to_text(X509_NAME *name, text *fieldName);
 static Datum ASN1_STRING_to_text(ASN1_STRING *str);
 static Datum ASN1_TIME_to_timestamp(ASN1_TIME *time);
 /*
 * Function context for data persisting over repeated calls.
@ -227,39 +225,6 @@ X509_NAME_field_to_text(X509_NAME *name, text *fieldName)
 }
 /*
 * Converts OpenSSL ASN1_TIME structure into timestamp
 *
 * Parameter: time - OpenSSL ASN1_TIME structure.
 *
 * Returns Datum, which can be directly returned from a C language SQL
 * function.
 */
 static Datum
 ASN1_TIME_to_timestamp(ASN1_TIME * time)
 {
 	struct tm	tm_time;
 	struct pg_tm pgtm_time;
 	Timestamp	ts;
 	ASN1_TIME_to_tm(time, &tm_time);
 	pgtm_time.tm_sec = tm_time.tm_sec;
 	pgtm_time.tm_min = tm_time.tm_min;
 	pgtm_time.tm_hour = tm_time.tm_hour;
 	pgtm_time.tm_mday = tm_time.tm_mday;
 	pgtm_time.tm_mon = tm_time.tm_mon + 1;
 	pgtm_time.tm_year = tm_time.tm_year + 1900;
 	if (tm2timestamp(&pgtm_time, 0, NULL, &ts))
 		ereport(ERROR,
 				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
 				 errmsg("failed to convert tm to timestamp")));
 	PG_RETURN_TIMESTAMP(ts);
 }
 /*
 * Returns specified field of client certificate distinguished name
 *
@ -517,35 +482,3 @@ ssl_extension_info(PG_FUNCTION_ARGS)
 	/* All done */
 	SRF_RETURN_DONE(funcctx);
 }
 /*
 * Returns current client certificate notBefore timestamp in
 * timestamp data type
 */
 PG_FUNCTION_INFO_V1(ssl_client_get_notbefore);
 Datum
 ssl_client_get_notbefore(PG_FUNCTION_ARGS)
 {
 	X509	   *cert = MyProcPort->peer;
 	if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid)
 		PG_RETURN_NULL();
 	return ASN1_TIME_to_timestamp(X509_get_notBefore(cert));
 }
 /*
 * Returns current client certificate notAfter timestamp in
 * timestamp data type
 */
 PG_FUNCTION_INFO_V1(ssl_client_get_notafter);
 Datum
 ssl_client_get_notafter(PG_FUNCTION_ARGS)
 {
 	X509	   *cert = MyProcPort->peer;
 	if (!MyProcPort->ssl_in_use || !MyProcPort->peer_cert_valid)
 		PG_RETURN_NULL();
 	return ASN1_TIME_to_timestamp(X509_get_notAfter(cert));
 }
--- a/contrib/sslinfo/sslinfo.control
+++ b/contrib/sslinfo/sslinfo.control
@ -1,5 +1,5 @@
 # sslinfo extension
 comment = 'information about SSL certificates'
-default_version = '1.3'
+default_version = '1.2'
 module_pathname = '$libdir/sslinfo'
 relocatable = true
--- a/doc/src/sgml/monitoring.sgml
+++ b/doc/src/sgml/monitoring.sgml
@ -2257,26 +2257,6 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
       This field is truncated like <structfield>client_dn</structfield>.
      </para></entry>
     </row>
     <row>
      <entry role="catalog_table_entry"><para role="column_definition">
       <structfield>not_before</structfield> <type>text</type>
      </para>
      <para>
       Not before UTC timestamp of the client certificate, or NULL if no client
       certificate was supplied.
      </para></entry>
     </row>
     <row>
      <entry role="catalog_table_entry"><para role="column_definition">
       <structfield>not_after</structfield> <type>text</type>
      </para>
      <para>
       Not after UTC timestamp of the client certificate, or NULL if no client
       certificate was supplied.
      </para></entry>
     </row>
    </tbody>
   </tgroup>
  </table>
--- a/doc/src/sgml/sslinfo.sgml
+++ b/doc/src/sgml/sslinfo.sgml
@ -240,36 +240,6 @@ emailAddress
    </para>
    </listitem>
   </varlistentry>
   <varlistentry>
    <term>
     <function>ssl_client_get_notbefore() returns text</function>
     <indexterm>
      <primary>ssl_client_get_notbefore</primary>
     </indexterm>
    </term>
    <listitem>
    <para>
     Return the <structfield>not before</structfield> UTC timestamp of the client
     certificate.
    </para>
    </listitem>
   </varlistentry>
   <varlistentry>
    <term>
     <function>ssl_client_get_notafter() returns text</function>
     <indexterm>
      <primary>ssl_client_get_notafter</primary>
     </indexterm>
    </term>
    <listitem>
    <para>
     Return the <structfield>not after</structfield> UTC timestamp of the client
     certificate.
    </para>
    </listitem>
   </varlistentry>
  </variablelist>
 </sect2>
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@ -970,9 +970,7 @@ CREATE VIEW pg_stat_ssl AS
            S.sslbits AS bits,
            S.ssl_client_dn AS client_dn,
            S.ssl_client_serial AS client_serial,
-            S.ssl_issuer_dn AS issuer_dn,
+            S.ssl_issuer_dn AS issuer_dn
            S.ssl_not_before AS not_before,
            S.ssl_not_after AS not_after
    FROM pg_stat_get_activity(NULL) AS S
    WHERE S.client_port IS NOT NULL;
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@ -36,7 +36,6 @@
 #include "tcop/tcopprot.h"
 #include "utils/builtins.h"
 #include "utils/memutils.h"
 #include "utils/timestamp.h"
 /*
 * These SSL-related #includes must come after all system-provided headers.
@ -73,7 +72,6 @@ static bool initialize_ecdh(SSL_CTX *context, bool isServerStart);
 static const char *SSLerrmessage(unsigned long ecode);
 static char *X509_NAME_to_cstring(X509_NAME *name);
 static Timestamp ASN1_TIME_to_timestamp(ASN1_TIME *time);
 static SSL_CTX *SSL_context = NULL;
 static bool SSL_initialized = false;
@ -1408,24 +1406,6 @@ be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len)
 		ptr[0] = '\0';
 }
 void
 be_tls_get_peer_not_before(Port *port, Timestamp *ptr)
 {
 	if (port->peer)
 		*ptr = ASN1_TIME_to_timestamp(X509_get_notBefore(port->peer));
 	else
 		*ptr = 0;
 }
 void
 be_tls_get_peer_not_after(Port *port, Timestamp *ptr)
 {
 	if (port->peer)
 		*ptr = ASN1_TIME_to_timestamp(X509_get_notAfter(port->peer));
 	else
 		*ptr = 0;
 }
 void
 be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
 {
@ -1569,33 +1549,6 @@ X509_NAME_to_cstring(X509_NAME *name)
 	return result;
 }
 /*
 * Convert an ASN1_TIME to a Timestamp
 */
 static Timestamp
 ASN1_TIME_to_timestamp(ASN1_TIME * time)
 {
 	struct tm	tm_time;
 	struct pg_tm pgtm_time;
 	Timestamp	ts;
 	ASN1_TIME_to_tm(time, &tm_time);
 	pgtm_time.tm_sec = tm_time.tm_sec;
 	pgtm_time.tm_min = tm_time.tm_min;
 	pgtm_time.tm_hour = tm_time.tm_hour;
 	pgtm_time.tm_mday = tm_time.tm_mday;
 	pgtm_time.tm_mon = tm_time.tm_mon + 1;
 	pgtm_time.tm_year = tm_time.tm_year + 1900;
 	if (tm2timestamp(&pgtm_time, 0, NULL, &ts))
 		ereport(ERROR,
 				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
 				 errmsg("timestamp out of range")));
 	return ts;
 }
 /*
 * Convert TLS protocol version GUC enum to OpenSSL values
 *
--- a/src/backend/utils/activity/backend_status.c
+++ b/src/backend/utils/activity/backend_status.c
@ -367,8 +367,6 @@ pgstat_bestart(void)
 		be_tls_get_peer_subject_name(MyProcPort, lsslstatus.ssl_client_dn, NAMEDATALEN);
 		be_tls_get_peer_serial(MyProcPort, lsslstatus.ssl_client_serial, NAMEDATALEN);
 		be_tls_get_peer_issuer_name(MyProcPort, lsslstatus.ssl_issuer_dn, NAMEDATALEN);
 		be_tls_get_peer_not_before(MyProcPort, &lsslstatus.ssl_not_before);
 		be_tls_get_peer_not_after(MyProcPort, &lsslstatus.ssl_not_after);
 	}
 	else
 	{
--- a/src/backend/utils/adt/pgstatfuncs.c
+++ b/src/backend/utils/adt/pgstatfuncs.c
@ -303,7 +303,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
 Datum
 pg_stat_get_activity(PG_FUNCTION_ARGS)
 {
-#define PG_STAT_GET_ACTIVITY_COLS	33
+#define PG_STAT_GET_ACTIVITY_COLS	31
 	int			num_backends = pgstat_fetch_stat_numbackends();
 	int			curr_backend;
 	int			pid = PG_ARGISNULL(0) ? -1 : PG_GETARG_INT32(0);
@ -395,7 +395,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 			pfree(clipped_activity);
 			/* leader_pid */
-			nulls[31] = true;
+			nulls[29] = true;
 			proc = BackendPidGetProc(beentry->st_procpid);
@ -432,8 +432,8 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 				 */
 				if (leader && leader->pid != beentry->st_procpid)
 				{
-					values[31] = Int32GetDatum(leader->pid);
+					values[29] = Int32GetDatum(leader->pid);
-					nulls[31] = false;
+					nulls[29] = false;
 				}
 				else if (beentry->st_backendType == B_BG_WORKER)
 				{
@ -441,8 +441,8 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 					if (leader_pid != InvalidPid)
 					{
-						values[31] = Int32GetDatum(leader_pid);
+						values[29] = Int32GetDatum(leader_pid);
-						nulls[31] = false;
+						nulls[29] = false;
 					}
 				}
 			}
@ -587,45 +587,35 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 					values[24] = CStringGetTextDatum(beentry->st_sslstatus->ssl_issuer_dn);
 				else
 					nulls[24] = true;
 				if (beentry->st_sslstatus->ssl_not_before != 0)
 					values[25] = TimestampGetDatum(beentry->st_sslstatus->ssl_not_before);
 				else
 					nulls[25] = true;
 				if (beentry->st_sslstatus->ssl_not_after != 0)
 					values[26] = TimestampGetDatum(beentry->st_sslstatus->ssl_not_after);
 				else
 					nulls[26] = true;
 			}
 			else
 			{
 				values[18] = BoolGetDatum(false);	/* ssl */
-				nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = nulls[25] = nulls[26] = true;
+				nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = nulls[24] = true;
 			}
 			/* GSSAPI information */
 			if (beentry->st_gss)
 			{
-				values[27] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
+				values[25] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
-				values[28] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
+				values[26] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
-				values[29] = BoolGetDatum(beentry->st_gssstatus->gss_enc);	/* GSS Encryption in use */
+				values[27] = BoolGetDatum(beentry->st_gssstatus->gss_enc);	/* GSS Encryption in use */
-				values[30] = BoolGetDatum(beentry->st_gssstatus->gss_delegation);	/* GSS credentials
+				values[28] = BoolGetDatum(beentry->st_gssstatus->gss_delegation);	/* GSS credentials
 																					 * delegated */
 			}
 			else
 			{
-				values[27] = BoolGetDatum(false);	/* gss_auth */
+				values[25] = BoolGetDatum(false);	/* gss_auth */
-				nulls[28] = true;	/* No GSS principal */
+				nulls[26] = true;	/* No GSS principal */
-				values[29] = BoolGetDatum(false);	/* GSS Encryption not in
+				values[27] = BoolGetDatum(false);	/* GSS Encryption not in
 													 * use */
-				values[30] = BoolGetDatum(false);	/* GSS credentials not
+				values[28] = BoolGetDatum(false);	/* GSS credentials not
 													 * delegated */
 			}
 			if (beentry->st_query_id == 0)
-				nulls[32] = true;
+				nulls[30] = true;
 			else
-				values[32] = UInt64GetDatum(beentry->st_query_id);
+				values[30] = UInt64GetDatum(beentry->st_query_id);
 		}
 		else
 		{
@ -655,8 +645,6 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
 			nulls[28] = true;
 			nulls[29] = true;
 			nulls[30] = true;
 			nulls[31] = true;
 			nulls[32] = true;
 		}
 		tuplestore_putvalues(rsinfo->setResult, rsinfo->setDesc, values, nulls);
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@ -57,6 +57,6 @@
 */
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	202307201
+#define CATALOG_VERSION_NO	202307111
 #endif
--- a/src/include/catalog/pg_proc.dat
+++ b/src/include/catalog/pg_proc.dat
@ -5413,9 +5413,9 @@
  proname => 'pg_stat_get_activity', prorows => '100', proisstrict => 'f',
  proretset => 't', provolatile => 's', proparallel => 'r',
  prorettype => 'record', proargtypes => 'int4',
-  proallargtypes => '{int4,oid,int4,oid,text,text,text,text,text,timestamptz,timestamptz,timestamptz,timestamptz,inet,text,int4,xid,xid,text,bool,text,text,int4,text,numeric,text,timestamp,timestamp,bool,text,bool,bool,int4,int8}',
+  proallargtypes => '{int4,oid,int4,oid,text,text,text,text,text,timestamptz,timestamptz,timestamptz,timestamptz,inet,text,int4,xid,xid,text,bool,text,text,int4,text,numeric,text,bool,text,bool,bool,int4,int8}',
-  proargmodes => '{i,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o}',
+  proargmodes => '{i,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o}',
-  proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,ssl_client_dn,ssl_client_serial,ssl_issuer_dn,ssl_not_before,ssl_not_after,gss_auth,gss_princ,gss_enc,gss_delegation,leader_pid,query_id}',
+  proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,ssl_client_dn,ssl_client_serial,ssl_issuer_dn,gss_auth,gss_princ,gss_enc,gss_delegation,leader_pid,query_id}',
  prosrc => 'pg_stat_get_activity' },
 { oid => '3318',
  descr => 'statistics: information about progress of backends running maintenance command',
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@ -298,8 +298,6 @@ extern const char *be_tls_get_cipher(Port *port);
 extern void be_tls_get_peer_subject_name(Port *port, char *ptr, size_t len);
 extern void be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len);
 extern void be_tls_get_peer_serial(Port *port, char *ptr, size_t len);
 extern void be_tls_get_peer_not_before(Port *port, Timestamp *ptr);
 extern void be_tls_get_peer_not_after(Port *port, Timestamp *ptr);
 /*
 * Get the server certificate hash for SCRAM channel binding type
--- a/src/include/utils/backend_status.h
+++ b/src/include/utils/backend_status.h
@ -61,8 +61,6 @@ typedef struct PgBackendSSLStatus
 	char		ssl_client_serial[NAMEDATALEN];
 	char		ssl_issuer_dn[NAMEDATALEN];
 	Timestamp	ssl_not_before;
 	Timestamp	ssl_not_after;
 } PgBackendSSLStatus;
 /*
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@ -1760,7 +1760,7 @@ pg_stat_activity| SELECT s.datid,
    s.query_id,
    s.query,
    s.backend_type
-   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, ssl_not_before, ssl_not_after, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
+   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
     LEFT JOIN pg_database d ON ((s.datid = d.oid)))
     LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));
 pg_stat_all_indexes| SELECT c.oid AS relid,
@ -1878,7 +1878,7 @@ pg_stat_gssapi| SELECT pid,
    gss_princ AS principal,
    gss_enc AS encrypted,
    gss_delegation AS credentials_delegated
-   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, ssl_not_before, ssl_not_after, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
+   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
  WHERE (client_port IS NOT NULL);
 pg_stat_io| SELECT backend_type,
    object,
@ -2080,7 +2080,7 @@ pg_stat_replication| SELECT s.pid,
    w.sync_priority,
    w.sync_state,
    w.reply_time
-   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, ssl_not_before, ssl_not_after, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
+   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
     JOIN pg_stat_get_wal_senders() w(pid, state, sent_lsn, write_lsn, flush_lsn, replay_lsn, write_lag, flush_lag, replay_lag, sync_priority, sync_state, reply_time) ON ((s.pid = w.pid)))
     LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));
 pg_stat_replication_slots| SELECT s.slot_name,
@ -2113,10 +2113,8 @@ pg_stat_ssl| SELECT pid,
    sslbits AS bits,
    ssl_client_dn AS client_dn,
    ssl_client_serial AS client_serial,
-    ssl_issuer_dn AS issuer_dn,
+    ssl_issuer_dn AS issuer_dn
-    ssl_not_before AS not_before,
+   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
    ssl_not_after AS not_after
   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, ssl_not_before, ssl_not_after, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
  WHERE (client_port IS NOT NULL);
 pg_stat_subscription| SELECT su.oid AS subid,
    su.subname,
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@ -543,8 +543,8 @@ command_like(
 		"$common_connstr sslrootcert=invalid", '-c',
 		"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"
 	],
-	qr{^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn,not_before,not_after\r?\n
+	qr{^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn\r?\n
-				^\d+,t,TLSv[\d.]+,[\w-]+,\d+,_null_,_null_,_null_,_null_,_null_\r?$}mx,
+				^\d+,t,TLSv[\d.]+,[\w-]+,\d+,_null_,_null_,_null_\r?$}mx,
 	'pg_stat_ssl view without client certificate');
 # Test min/max SSL protocol versions.
@ -745,8 +745,8 @@ command_like(
 		'-c',
 		"SELECT * FROM pg_stat_ssl WHERE pid = pg_backend_pid()"
 	],
-	qr{^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn,not_before,not_after\r?\n
+	qr{^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn\r?\n
-				^\d+,t,TLSv[\d.]+,[\w-]+,\d+,/?CN=ssltestuser,$serialno,/?\QCN=Test CA for PostgreSQL SSL regression test client certs\E,\Q2023-06-29 01:01:01\E,\Q2050-01-01 01:01:01\E\r?$}mx,
+				^\d+,t,TLSv[\d.]+,[\w-]+,\d+,/?CN=ssltestuser,$serialno,/?\QCN=Test CA for PostgreSQL SSL regression test client certs\E\r?$}mx,
 	'pg_stat_ssl with client certificate');
 # client key with wrong permissions
--- a/src/test/ssl/t/003_sslinfo.pl
+++ b/src/test/ssl/t/003_sslinfo.pl
@ -165,20 +165,6 @@ $result = $node->safe_psql(
 	connstr => $common_connstr);
 is($result, 't', "ssl_issuer_field() for commonName");
 $result = $node->safe_psql(
 	"certdb",
 	"SELECT ssl_client_get_notbefore() = not_before, "
 	  . "not_before = '2023-06-29 01:01:01' FROM pg_stat_ssl WHERE pid = pg_backend_pid();",
 	connstr => $common_connstr);
 is($result, 't|t', "ssl_client_get_notbefore() for not_before timestamp");
 $result = $node->safe_psql(
 	"certdb",
 	"SELECT ssl_client_get_notafter() = not_after, "
 	  . "not_after = '2050-01-01 01:01:01' FROM pg_stat_ssl WHERE pid = pg_backend_pid();",
 	connstr => $common_connstr);
 is($result, 't|t', "ssl_client_get_notafter() for not_after timestamp");
 $result = $node->safe_psql(
 	"certdb",
 	"SELECT value, critical FROM ssl_extension_info() WHERE name = 'basicConstraints';",