Missed information about clientname=CN option

On Wednesday, January 31, 2024, PG Doc comments form <noreply@postgresql.org>
wrote:

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/16/auth-cert.html
Description:

Hello.

This page missed information about supported clientname=CN/DN option and
describes only `map` option.
Also `clientcert` is described not in format. I expect it was documented
under `map` as next list item of supported options

The description for pg_hba.conf auth-options covers this. Since those two
options do not only apply to cert but any hostssl entry it was chosen to
document the ssl related options on the pg_hba.conf page. I do see value
in pointing the reader back to that location from the cert page though. Or
maybe move the wording to the cert page and replace the content in
pg_hba.conf with a link to there. Leaning toward the later ATM.

David J.

On 1 Feb 2024, at 08:35, David G. Johnston <david.g.johnston@gmail.com> wrote:

maybe move the wording to the cert page and replace the content in pg_hba.conf with a link to there. Leaning toward the later ATM.

That sounds like the best option IMHO, care to propose a patch?

--
Daniel Gustafsson

On Thu, Feb 1, 2024 at 3:16 AM Daniel Gustafsson <daniel@yesql.se> wrote:

On 1 Feb 2024, at 08:35, David G. Johnston <david.g.johnston@gmail.com>

wrote:

maybe move the wording to the cert page and replace the content in

pg_hba.conf with a link to there. Leaning toward the later ATM.

That sounds like the best option IMHO, care to propose a patch?

Done here:

/messages/by-id/CAKFQuwa=iY13UkH2K4-Srut9iaXBi2FkLzWRxbok+mdSMPEDuA@mail.gmail.com

The material here needed some attention too, both on its own and to fit in
with the changes to the client authentication section.

https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-CLIENT-CERTIFICATES

David J.