NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commita057220

committed

doc: Remove mentions of server-side CRL and CA file names

Commita445cb9 removed the default filenames for server-side CRL and CA files, but left them in the docs with asmall note. This removes the note and the previous default names toclarify, as well as changes mentions of the file names to make itclearer that they are configurable.Author: Daniel Gustafsson <daniel@yesql.se>Reviewed-by: Michael Paquier <michael.paquier@gmail.com>

1 parentb79d69b commita057220Copy full SHA for a057220

File tree

4 files changed

-15

lines changed

doc/src/sgml

4 files changed

-15

lines changed

`‎doc/src/sgml/config.sgml`

Lines changed: 0 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -983,10 +983,6 @@ include_dir 'conf.d'`
`983`	`983`	`The default is empty, meaning no CA file is loaded,`
`984`	`984`	`and client certificate verification is not performed.`
`985`	`985`	`</para>`
`986`		`- <para>`
`987`		`- In previous releases of PostgreSQL, the name of this file was`
`988`		`- hard-coded as <filename>root.crt</filename>.`
`989`		`- </para>`
`990`	`986`	`</listitem>`
`991`	`987`	`</varlistentry>`
`992`	`988`
`@@ -1022,10 +1018,6 @@ include_dir 'conf.d'`
`1022`	`1018`	`file or on the server command line.`
`1023`	`1019`	`The default is empty, meaning no CRL file is loaded.`
`1024`	`1020`	`</para>`
`1025`		`- <para>`
`1026`		`- In previous releases of PostgreSQL, the name of this file was`
`1027`		`- hard-coded as <filename>root.crl</filename>.`
`1028`		`- </para>`
`1029`	`1021`	`</listitem>`
`1030`	`1022`	`</varlistentry>`
`1031`	`1023`

`‎doc/src/sgml/libpq.sgml`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -7638,8 +7638,8 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)`
`7638`	`7638`	`certificate of the signing authority to the <filename>postgresql.crt</>`
`7639`	`7639`	`file, then its parent authority's certificate, and so on up to a certificate`
`7640`	`7640`	`authority, <quote>root</> or <quote>intermediate</>, that is trusted by`
`7641`		`- the server, i.e. signed by a certificate in the server's`
`7642`		`-<filename>root.crt</filename>file.`
	`7641`	`+ the server, i.e. signed by a certificate in the server's root CA file`
	`7642`	`+(<xref linkend="guc-ssl-ca-file">).`
`7643`	`7643`	`</para>`
`7644`	`7644`
`7645`	`7645`	`<para>`

`‎doc/src/sgml/runtime.sgml`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -2264,7 +2264,7 @@ pg_dumpall -p 5432 \| psql -d postgres -p 5433`
`2264`	`2264`	`<para>`
`2265`	`2265`	`To require the client to supply a trusted certificate, place`
`2266`	`2266`	`certificates of the certificate authorities (<acronym>CA</acronym>s)`
`2267`		`- you trust inthe file <filename>root.crt</filename> in the data`
	`2267`	`+ you trust ina file named <filename>root.crt</filename> in the data`
`2268`	`2268`	`directory, set the parameter <xref linkend="guc-ssl-ca-file"> in`
`2269`	`2269`	`<filename>postgresql.conf</filename> to <literal>root.crt</literal>,`
`2270`	`2270`	`and add the authentication option <literal>clientcert=1</literal> to the`
`@@ -2321,7 +2321,7 @@ pg_dumpall -p 5432 \| psql -d postgres -p 5433`
`2321`	`2321`	`<para>`
`2322`	`2322`	`<xref linkend="ssl-file-usage"> summarizes the files that are`
`2323`	`2323`	`relevant to the SSL setup on the server. (The shown file names are default`
`2324`		`-or typicalnames. The locally configured names could be different.)`
	`2324`	`+ names. The locally configured names could be different.)`
`2325`	`2325`	`</para>`
`2326`	`2326`
`2327`	`2327`	`<table id="ssl-file-usage">`
`@@ -2351,14 +2351,14 @@ pg_dumpall -p 5432 \| psql -d postgres -p 5433`
`2351`	`2351`	`</row>`
`2352`	`2352`
`2353`	`2353`	`<row>`
`2354`		`- <entry><xref linkend="guc-ssl-ca-file"> (<filename>$PGDATA/root.crt</>)</entry>`
	`2354`	`+ <entry><xref linkend="guc-ssl-ca-file"></entry>`
`2355`	`2355`	`<entry>trusted certificate authorities</entry>`
`2356`	`2356`	`<entry>checks that client certificate is`
`2357`	`2357`	`signed by a trusted certificate authority</entry>`
`2358`	`2358`	`</row>`
`2359`	`2359`
`2360`	`2360`	`<row>`
`2361`		`- <entry><xref linkend="guc-ssl-crl-file"> (<filename>$PGDATA/root.crl</>)</entry>`
	`2361`	`+ <entry><xref linkend="guc-ssl-crl-file"></entry>`
`2362`	`2362`	`<entry>certificates revoked by certificate authorities</entry>`
`2363`	`2363`	`<entry>client certificate must not be on this list</entry>`
`2364`	`2364`	`</row>`

`‎doc/src/sgml/sslinfo.sgml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@`
`150`	`150`	`</para>`
`151`	`151`	`<para>`
`152`	`152`	`This function is really useful only if you have more than one trusted CA`
`153`		`- certificate in your server's<filename>root.crt</> file, or if this CA`
	`153`	`+ certificate in your server'scertificate authority file, or if this CA`
`154`	`154`	`has issued some intermediate certificate authority certificates.`
`155`	`155`	`</para>`
`156`	`156`	`</listitem>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita057220

File tree

4 files changed

4 files changed

`‎doc/src/sgml/config.sgml`

`‎doc/src/sgml/libpq.sgml`

`‎doc/src/sgml/runtime.sgml`

`‎doc/src/sgml/sslinfo.sgml`

0 commit comments