mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-11-21 03:13:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update SSL description for when SSL root.crt/server.crt is required;

Browse Source 
add link to libpq SSL does from server docs.

Backpatch to 8.2.X.
This commit is contained in:
Bruce Momjian 2007-03-30 03:19:19 +00:00
parent 0e95abd64c
commit 4dd2d9192d
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/src/sgml/libpq.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.220.2.6 2007/02/19 22:06:30 momjian Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.220.2.7 2007/03/30 03:19:19 momjian Exp $ -->
<chapter id="libpq">
<title><application>libpq</application> - C Library</title>
@ -4458,7 +4458,7 @@ ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)
<filename>%APPDATA%\postgresql\root.crt</filename>.)
The SSL connection will
fail if the server does not present a certificate; therefore, to
use this feature the server must also have a <filename>root.crt</> file.
use this feature the server must have a <filename>server.crt</> file.
Certificate Revocation List (CRL) entries are also checked if the file
<filename>~/.postgresql/root.crl</filename> exists (<filename>%APPDATA%\postgresql\root.crl</filename>
on Microsoft Windows).

11
doc/src/sgml/runtime.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.374 2006/11/25 22:44:48 petere Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.374.2.1 2007/03/30 03:19:19 momjian Exp $ -->
<chapter Id="runtime">
<title>Operating System Environment</title>
@ -1552,10 +1552,11 @@ chmod og-rwx server.key
certificates of the <acronym>CA</acronym>(s) you wish to check for in
the file <filename>root.crt</filename> in the data directory. When
present, a client certificate will be requested from the client
during SSL connection startup, and it must have been signed by one of the
certificates present in <filename>root.crt</filename>. Certificate
Revocation List (CRL) entries are also checked if the file
<filename>root.crl</filename> exists.
during SSL connection startup, and it must have been signed by one of
the certificates present in <filename>root.crt</filename>. (See <xref
linkend="libpq-ssl"> for a description of how to set up client
certificates.) Certificate Revocation List (CRL) entries are also
checked if the file <filename>root.crl</filename> exists.
</para>
<para>