Commit fadac33

Doc: Fix misleading wording of CRL parameters

ssl_crl_file and ssl_crl_dir are both used for client certificate
revocation, not server certificates. The description for the params
could be easily misread to mean the opposite however, as evidenced
by the bug report leading to this fix. Similarly, expand sslcrl
and sslcrldir to explicitly mention server certificates. While there,
also mention sslcrldir where previously only sslcrl was discussed.

Backpatch down to v10, with the CRL dir fixes down to 14 where they
were introduced.

Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
Reviewed-by: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Discussion: https://postgr.es/m/20211202.135441.590555657708629486.horikyota.ntt@gmail.com
Discussion: https://postgr.es/m/CABWY_HCBUCjY1EJHrEGePGEaSZ5b29apgTohCyygtsqe_ySYng@mail.gmail.com
Backpatch-through: 10

1 parent 37b2764, commit fadac33

3 files changed: +8 -5 lines changed

‎doc/src/sgml/config.sgml

Lines changed: 2 additions & 2 deletions
@@ -1248,7 +1248,7 @@ include_dir 'conf.d'
12481248
</term>
12491249
<listitem>
12501250
<para>
1251-
Specifies the name of the file containing the SSLserver certificate
1251+
Specifies the name of the file containing the SSLclient certificate
12521252
revocation list (CRL).
12531253
Relative paths are relative to the data directory.
12541254
This parameter can only be set in the <filename>postgresql.conf</filename>
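
Review bot: The changed line at 1251 now reads "SSL client certificate revocation list (CRL)", which can still be parsed as a list held by the client rather than a list of revoked client certificates. Consider adding a sentence like the one used for sslcrl in libpq.sgml, stating that certificates listed in this file are rejected when authenticating the client's certificate.
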
@@ -1267,7 +1267,7 @@ include_dir 'conf.d'
12671267
</term>
12681268
<listitem>
12691269
<para>
1270-
Specifies the name of the directory containing the SSLserver
1270+
Specifies the name of the directory containing the SSLclient
12711271
certificate revocation list (CRL). Relative paths are relative to the
12721272
data directory. This parameter can only be set in
12731273
the <filename>postgresql.conf</filename> file or on the server command
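
Review bot: At line 1270 the directory is said to contain "the SSL client certificate revocation list (CRL)" in the singular, although the libpq.sgml text for sslcrldir speaks of "the files in this directory". Suggest "containing SSL client certificate revocation lists (CRLs)", or "CRL files" as in the sentence this commit adds to libpq.sgml.
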

‎doc/src/sgml/libpq.sgml

Lines changed: 4 additions & 2 deletions
@@ -1742,7 +1742,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
17421742
<term><literal>sslcrl</literal></term>
17431743
<listitem>
17441744
<para>
1745-
This parameter specifies the file name of the SSL certificate
1745+
This parameter specifies the file name of the SSLservercertificate
17461746
revocation list (CRL). Certificates listed in this file, if it
17471747
exists, will be rejected while attempting to authenticate the
17481748
server's certificate. If neither
@@ -1758,7 +1758,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
17581758
<term><literal>sslcrldir</literal></term>
17591759
<listitem>
17601760
<para>
1761-
This parameter specifies the directory name of the SSL certificate
1761+
This parameter specifies the directory name of the SSLservercertificate
17621762
revocation list (CRL). Certificates listed in the files in this
17631763
directory, if it exists, will be rejected while attempting to
17641764
authenticate the server's certificate.
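
Review bot: At line 1761, "the directory name of the SSL server certificate revocation list" reads as though the list itself has a directory name. Wording such as "the name of the directory containing SSL server certificate revocation list (CRL) files" would agree with the next sentence, which already refers to "the files in this directory".
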
@@ -8374,6 +8374,8 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
83748374
setting
83758375
the connection parameters <literal>sslrootcert</literal> and <literal>sslcrl</literal>
83768376
or the environment variables <envar>PGSSLROOTCERT</envar> and <envar>PGSSLCRL</envar>.
8377+
<literal>sslcrldir</literal> or the environment variable <envar>PGSSLCRLDIR</envar>
8378+
can also be used to specify a directory containing CRL files.
83778379
</para>
83788380

83798381
<note>
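
Review bot: The sentence added at 8377-8378 says sslcrldir or PGSSLCRLDIR "can also be used" but leaves open whether the directory is consulted in addition to the file named by sslcrl or instead of it. State which applies when both are set.
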

‎doc/src/sgml/runtime.sgml

Lines changed: 2 additions & 1 deletion
@@ -2337,7 +2337,8 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
23372337
you wish to avoid storing them on clients (assuming the root and
23382338
intermediate certificates were created with <literal>v3_ca</literal>
23392339
extensions). Certificate Revocation List (CRL) entries are also
2340-
checked if the parameter <xref linkend="guc-ssl-crl-file"/> is set.
2340+
checked if the parameter <xref linkend="guc-ssl-crl-file"/> or
2341+
<xref linkend="guc-ssl-crl-dir"/> is set.
23412342
</para>
23422343

23432344
<para>
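
Review bot: The xref to guc-ssl-crl-dir added at line 2341 only resolves on branches that have that parameter. The commit message backpatches to 10 but limits the CRL dir changes to 14 and later, so this hunk belongs with the 14+ set; confirm the docs for 10 to 13 keep the original single-xref sentence and still build.
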
