database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-24 10:47:04 +03:00
Code

Update SSL description for when SSL root.crt/server.crt is required;

Browse Source 
add link to libpq SSL does from server docs.

Backpatch to 8.2.X.
This commit is contained in:
Bruce Momjian 2007-03-30 03:19:02 +00:00
parent 8875d0987d
commit 2ebfe9a818
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/src/sgml/libpq.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.234 2007/02/20 19:35:17 momjian Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.235 2007/03/30 03:19:02 momjian Exp $ -->
<chapter id="libpq">
<title><application>libpq</application> - C Library</title>
@ -4501,7 +4501,7 @@ ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)
<filename>%APPDATA%\postgresql\root.crt</filename>.)
The SSL connection will
fail if the server does not present a certificate; therefore, to
use this feature the server must also have a <filename>root.crt</> file.
use this feature the server must have a <filename>server.crt</> file.
Certificate Revocation List (CRL) entries are also checked if the file
<filename>~/.postgresql/root.crl</filename> exists (<filename>%APPDATA%\postgresql\root.crl</filename>
on Microsoft Windows).

11
doc/src/sgml/runtime.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.380 2007/03/06 09:59:22 petere Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.381 2007/03/30 03:19:02 momjian Exp $ -->
<chapter Id="runtime">
<title>Operating System Environment</title>
@ -1574,10 +1574,11 @@ chmod og-rwx server.key
certificates of the <acronym>CA</acronym>(s) you wish to check for in
the file <filename>root.crt</filename> in the data directory. When
present, a client certificate will be requested from the client
during SSL connection startup, and it must have been signed by one of the
certificates present in <filename>root.crt</filename>. Certificate
Revocation List (CRL) entries are also checked if the file
<filename>root.crl</filename> exists.
during SSL connection startup, and it must have been signed by one of
the certificates present in <filename>root.crt</filename>. (See <xref
linkend="libpq-ssl"> for a description of how to set up client
certificates.) Certificate Revocation List (CRL) entries are also
checked if the file <filename>root.crl</filename> exists.
</para>
<para>