From e44876fe7fec3bd1ad67f3c351ead6d42c91ac3f Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson
Date: Wed, 16 Aug 2017 22:18:19 +0200
Subject: [PATCH] Remove mentions of serverside CRL and CA files

Commit a445cb92ef5b3a31313ebce30e18cc1d6e0bdecb removed the default filenames for serverside CRL and CA files, but left them in the docs with a small note. This removes the note, and the previous default names, to clarify as well as changes mentions of the filenames to make it clearer that they are configurable.
---
 doc/src/sgml/config.sgml | 10 ++++++----
 doc/src/sgml/libpq.sgml | 4 ++--
 doc/src/sgml/runtime.sgml | 10 +++++-----
 doc/src/sgml/sslinfo.sgml | 2 +-
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 2b6255ed95..4aea9a2731 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -984,8 +984,9 @@ include_dir 'conf.d'
 and client certificate verification is not performed.
- In previous releases of PostgreSQL, the name of this file was
- hard-coded as root.crt.
+ In earlier versions of PostgreSQL, the name of this file was
+ hard-coded as root.crt. As of
+ PostgreSQL 9.2 it is a configuration parameter.
@@ -1023,8 +1024,9 @@ include_dir 'conf.d'
 The default is empty, meaning no CRL file is loaded.
- In previous releases of PostgreSQL, the name of this file was
- hard-coded as root.crl.
+ In earlier versions of PostgreSQL, the name of this file was
+ hard-coded as root.crl. As of
+ PostgreSQL 9.2 it is a configuration parameter.
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index ad5e9b95b4..b00552b883 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -7637,8 +7637,8 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
 certificate of the signing authority to the postgresql.crt file, then its parent authority's certificate, and so on up to a certificate authority, root or intermediate, that is trusted by
- the server, i.e. signed by a certificate in the server's
- root.crt file.
+ the server, i.e. signed by a certificate in the server's root certificate
+ file.
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 6d57525515..83115c9191 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2264,7 +2264,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
 To require the client to supply a trusted certificate, place certificates of the certificate authorities (CAs)
- you trust in the file root.crt in the data
+ you trust in a file named root.crt in the data
 directory, set the parameter in postgresql.conf to root.crt, and add the authentication option clientcert=1 to the
@@ -2320,8 +2320,8 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
 summarizes the files that are
- relevant to the SSL setup on the server. (The shown file names are default
- or typical names. The locally configured names could be different.)
+ relevant to the SSL setup on the server. (The shown file names are default,
+ the locally configured names could be different.)
@@ -2351,14 +2351,14 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 - ($PGDATA/root.crt) + trusted certificate authorities checks that client certificate is signed by a trusted certificate authority - ($PGDATA/root.crl) + certificates revoked by certificate authorities client certificate must not be on this list
diff --git a/doc/src/sgml/sslinfo.sgml b/doc/src/sgml/sslinfo.sgml
index 7bda33efa3..c720601cf5 100644
--- a/doc/src/sgml/sslinfo.sgml
+++ b/doc/src/sgml/sslinfo.sgml
@@ -150,7 +150,7 @@ This function is really useful only if you have more than one trusted CA
- certificate in your server's root.crt file, or if this CA
+ certificate in your server's root certificate file, or if this CA
 has issued some intermediate certificate authority certificates.
--
2.14.1.145.gb3622a4ee