Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit5ce7599

Browse files
committed
Fix markup, spelling, grammar, and explanations for SSLKEY patch.
1 parent7f1d68a commit5ce7599

File tree

3 files changed

+31
-34
lines changed

3 files changed

+31
-34
lines changed

‎doc/src/sgml/config.sgml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.111 2007/02/1602:59:40 momjian Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.112 2007/02/1616:37:29 tgl Exp $ -->
22

33
<chapter Id="runtime-config">
44
<title>Server Configuration</title>
@@ -569,15 +569,15 @@ SET ENABLE_SEQSCAN TO OFF;
569569
</listitem>
570570
</varlistentry>
571571

572-
<varlistentry id="guc-ssl-ciphers" xreflabel="ssl-ciphers">
573-
<term><varname>ssl_ciphers> (<type>string</type>)</term>
572+
<varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers">
573+
<term><varname>ssl_ciphers</varname> (<type>string</type>)</term>
574574
<indexterm>
575575
<primary><varname>ssl_ciphers</> configuration parameter</primary>
576576
</indexterm>
577577
<listitem>
578578
<para>
579-
Specifies a list of <acronym>SSL</> cipherswhich can be used to
580-
establish secure connections. See the <application>openssl</>
579+
Specifies a list of <acronym>SSL</> ciphersthat are allowed to be
580+
used on secure connections. See the <application>openssl</>
581581
manual page for a list of supported ciphers.
582582
</para>
583583
</listitem>

‎doc/src/sgml/libpq.sgml

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.230 2007/02/1603:50:29momjian Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.231 2007/02/1616:37:29tgl Exp $ -->
22

33
<chapter id="libpq">
44
<title><application>libpq</application> - C Library</title>
@@ -4178,10 +4178,11 @@ setting, and is only available if
41784178
<primary><envar>PGSSLKEY</envar></primary>
41794179
</indexterm>
41804180
<envar>PGSSLKEY</envar>
4181-
specifies the hardware tokenwhich stores the secret key for the client
4182-
certificate, instead of a file. The value of this variable should consist
4181+
specifies the hardware tokenthat stores the secret key for the client
4182+
certificate. The value of this variable should consist
41834183
of a colon-separated engine name (engines are <productname>OpenSSL</>
4184-
loadable modules) and an engine-specific key identifier.
4184+
loadable modules) and an engine-specific key identifier. If this is not
4185+
set, the secret key must be kept in a file.
41854186
</para>
41864187
</listitem>
41874188
<listitem>
@@ -4450,38 +4451,37 @@ ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)
44504451
for increased security. See <xref linkend="ssl-tcp"> for details
44514452
about the server-side <acronym>SSL</> functionality.
44524453
</para>
4454+
44534455
<para>
4454-
<application>libpq</application> reads the system-wide
4455-
<productname>OpenSSL</productname> configuration file. By default, this
4456-
file is named <filename>openssl.cnf</filename> and is located in the
4457-
directory reported by <application>openssl</>:
4458-
<programlisting>
4459-
openssl version -d
4460-
</programlisting>
4461-
The default can be overriden by setting environment variable
4462-
<envar>OPENSSL_CONF</envar> to the name of the desired configuration
4463-
file.
4456+
<application>libpq</application> reads the system-wide
4457+
<productname>OpenSSL</productname> configuration file. By default, this
4458+
file is named <filename>openssl.cnf</filename> and is located in the
4459+
directory reported by <literal>openssl version -d</>.
4460+
This default can be overridden by setting environment variable
4461+
<envar>OPENSSL_CONF</envar> to the name of the desired configuration
4462+
file.
44644463
</para>
4464+
44654465
<para>
44664466
If the server demands a client certificate,
44674467
<application>libpq</application>
44684468
will send the certificate stored in file
44694469
<filename>~/.postgresql/postgresql.crt</> within the user's home directory.
44704470
A matching private key file <filename>~/.postgresql/postgresql.key</>
4471-
must also be present, and must not be world-readable, unless the secret
4472-
key is stored in a hardware token, as specified by
4473-
<envar>PGSSLKEY</envar>.
4471+
must also be present, unless the secret key for the certificate is stored
4472+
in a hardware token, as specified by <envar>PGSSLKEY</envar>.
44744473
(On Microsoft Windows these files are named
44754474
<filename>%APPDATA%\postgresql\postgresql.crt</filename> and
44764475
<filename>%APPDATA%\postgresql\postgresql.key</filename>.)
4476+
The private key file must not be world-readable.
44774477
</para>
44784478

44794479
<para>
44804480
If the environment variable <envar>PGSSLKEY</envar> is set, its value
44814481
should consist of a colon-separated engine name and key identifier. In
44824482
this case, <application>libpq</application> will load the specified
44834483
engine, i.e. the <productname>OpenSSL</> module which supports special
4484-
hardware and reference the key with the specified identifier.
4484+
hardware, and reference the key with the specified identifier.
44854485
Identifiers are engine-specific. Typically, cryptography hardware tokens
44864486
do not reveal secret keys to the application. Instead, applications
44874487
delegate all cryptography operations which require the secret key to

‎doc/src/sgml/runtime.sgml

Lines changed: 8 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.377 2007/02/1602:59:40 momjian Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.378 2007/02/1616:37:29 tgl Exp $ -->
22

33
<chapter Id="runtime">
44
<title>Operating System Environment</title>
@@ -1518,20 +1518,17 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
15181518
<para>
15191519
<productname>OpenSSL</productname> supports a wide range of ciphers
15201520
and authentication algorithms, whose strength varies significantly.
1521-
You can restrict the list of cipherswhich can be used to connect to
1522-
your serverusing the <xref linkend="guc-ssl-ciphers"> parameter.
1521+
You can restrict the list of ciphersthat can be used to connect to
1522+
your serverby adjusting the <xref linkend="guc-ssl-ciphers"> parameter.
15231523
</para>
15241524

15251525
<para>
1526-
<productname>PostgreSQL</productname> readsa system-wide
1527-
<productname>OpenSSL</productname> configuration file. By default this
1526+
<productname>PostgreSQL</productname> readsthe system-wide
1527+
<productname>OpenSSL</productname> configuration file. By default, this
15281528
file is named <filename>openssl.cnf</filename> and is located in the
1529-
directory reported by <application>openssl</>:
1530-
<programlisting>
1531-
openssl version -d
1532-
</programlisting>
1533-
This default can be overriden by setting environment variable
1534-
<envar>OPENSSL_CONF</envar> to the name of desired configuration file.
1529+
directory reported by <literal>openssl version -d</>.
1530+
This default can be overridden by setting environment variable
1531+
<envar>OPENSSL_CONF</envar> to the name of the desired configuration file.
15351532
</para>
15361533

15371534
<para>

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp