Feature request check TLS certificates validity

[Tiago-Anastacio]

trafficstars

Hello,

Feature request

when pgbackrest server service starts and certificates (at least one of them) is not longer valid example : openssl x509 -in mycert -text ... Validity Not After : May 9 14:54:32 2023 GMT

It should be logged to all-server.log file.

It could be also an option to refuse to start service as it has become completely usefulness

1. pgBackRest version: 2.44

2. PostgreSQL version: 13.7

3. Operating system/version - if you have more than one server (for example, a database server, a repository host server, one or more standbys), please specify each: SUSE 15

4. Did you install pgBackRest from source or from a package? community RPMS

5. Please attach the following as applicable:

   • pgbackrest.conf file(s)
   • postgresql.conf settings applicable to pgBackRest (archive_command, archive_mode, listen_addresses, max_wal_senders, wal_level, port)
   • errors in the postgresql log file before or during the time you experienced the issue
   • log file in /var/log/pgbackrest for the commands run (e.g. /var/log/pgbackrest/mystanza_backup.log)

6. Describe the issue: pgbackrest_hostpostgres_conf.log pgbackrest_host.conf.log

all-server_postgrteshost.log

Thank you

[dwsteele]

This does seem like it would be useful, but I'm not sure it is something we are going to work on, at least in the near future. Honestly, working with the openssl API is such a nightmare (and ensuring compatibility across versions) that it is hard to contemplate implementing anything not absolutely necessary.

If Postgres were to add support for this we might be more motivated since we'd be able to crib code from that project, which is pretty much what we already do.

[luc-vocab]

Kuma Uptime can check for SSL certificate impending expiry on https sites, it can also check the status of a postgresql server, if I had to implement such a feature, I would implement it in Kuma Uptime, not in pgbackrest.