Is ssl_crl_file "SSL server cert revocation list"?

Started by Kyotaro Horiguchiover 4 years ago6 messageshackers

Kyotaro Horiguchi

horikyota.ntt@gmail.com

over 4 years ago

As discussed in the thread [1]/messages/by-id/20211202.134619.1052008069537649171.horikyota.ntt@gmail.com, I find the wording "SSL server
certificate revocation list" as misleading or plain wrong.

I used to read it as "SSL server certificate (of PostgreSQL client)
revocation list" but I find it misleading-ish from fresh eyes. So I'd
like to propose a change of the doc as attached.

What do you think about this?

[1]: /messages/by-id/20211202.134619.1052008069537649171.horikyota.ntt@gmail.com

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Kyotaro Horiguchi

horikyota.ntt@gmail.com

over 4 years ago

In reply to: Kyotaro Horiguchi (#1)

Re: Is ssl_crl_file "SSL server cert revocation list"?

At Thu, 02 Dec 2021 13:54:41 +0900 (JST), Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote in

As discussed in the thread [1], I find the wording "SSL server
certificate revocation list" as misleading or plain wrong.

FWIW, I'm convinced that that's plain wrong after finding some
occurances of "(SSL) client certificate" in the doc.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Daniel Gustafsson

daniel@yesql.se

over 4 years ago

In reply to: Kyotaro Horiguchi (#2)

Re: Is ssl_crl_file "SSL server cert revocation list"?

On 2 Dec 2021, at 06:07, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote:

At Thu, 02 Dec 2021 13:54:41 +0900 (JST), Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote in

As discussed in the thread [1], I find the wording "SSL server
certificate revocation list" as misleading or plain wrong.

FWIW, I'm convinced that that's plain wrong after finding some
occurances of "(SSL) client certificate" in the doc.

I agree with this, the concepts have been a bit muddled.

While in there I noticed that we omitted mentioning sslcrldir in a few cases.
The attached v2 adds these and removes the whitespace changes from your patch
for easier review.

--
Daniel Gustafsson https://vmware.com/

Peter Eisentraut

peter_e@gmx.net

over 4 years ago

In reply to: Daniel Gustafsson (#3)

Re: Is ssl_crl_file "SSL server cert revocation list"?

On 02.12.21 10:42, Daniel Gustafsson wrote:

On 2 Dec 2021, at 06:07, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote:

At Thu, 02 Dec 2021 13:54:41 +0900 (JST), Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote in

As discussed in the thread [1], I find the wording "SSL server
certificate revocation list" as misleading or plain wrong.

FWIW, I'm convinced that that's plain wrong after finding some
occurances of "(SSL) client certificate" in the doc.

I agree with this, the concepts have been a bit muddled.

While in there I noticed that we omitted mentioning sslcrldir in a few cases.
The attached v2 adds these and removes the whitespace changes from your patch
for easier review.

This change looks correct to me.

Daniel Gustafsson

daniel@yesql.se

over 4 years ago

In reply to: Peter Eisentraut (#4)

Re: Is ssl_crl_file "SSL server cert revocation list"?

On 2 Dec 2021, at 16:04, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:

This change looks correct to me.

Thanks for review, I've pushed this backpatched (in part) down to 10.

--
Daniel Gustafsson https://vmware.com/

Kyotaro Horiguchi

horikyota.ntt@gmail.com

over 4 years ago

In reply to: Daniel Gustafsson (#5)

Re: Is ssl_crl_file "SSL server cert revocation list"?

At Fri, 3 Dec 2021 14:32:54 +0100, Daniel Gustafsson <daniel@yesql.se> wrote in

On 2 Dec 2021, at 16:04, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:

This change looks correct to me.

Thanks for review, I've pushed this backpatched (in part) down to 10.

Thanks for revising and comitting this.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center