Add two documentation tables to outline SSL file usage for client and server.
authorBruce Momjian <bruce@momjian.us>
Tue, 25 Dec 2007 06:15:34 +0000 (06:15 +0000)
committerBruce Momjian <bruce@momjian.us>
Tue, 25 Dec 2007 06:15:34 +0000 (06:15 +0000)
doc/src/sgml/libpq.sgml
doc/src/sgml/runtime.sgml

index be43ec7814ff8a173ce567b120ebb37a21640ff5..76f9bfdee06ba6169bc317820835f3163e733e8f 100644 (file)
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.249 2007/12/25 04:00:43 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.250 2007/12/25 06:15:34 momjian Exp $ -->
 
 <chapter id="libpq">
  <title><application>libpq</application> - C Library</title>
@@ -5200,6 +5200,48 @@ defaultNoticeProcessor(void *arg, const char *message)
    application.
   </para>
 
+  <table id="libpq-ssl-file-usage">
+   <title>SSL Client File Usage</title>
+   <tgroup cols="3">
+    <thead>
+     <row>
+      <entry>File</entry>
+      <entry>Contents</entry>
+      <entry>Effect</entry>
+     </row>
+    </thead>
+
+    <tbody>
+
+     <row>
+      <entry><filename>~/.postgresql/postgresql.crt</></entry>
+      <entry>client certificate</entry>
+      <entry>requested by server</entry>
+     </row>
+
+     <row>
+      <entry><filename>~/.postgresql/postgresql.key</></entry>
+      <entry>client private key</entry>
+      <entry>used to authenticate client certificate</entry>
+     </row>
+
+     <row>
+      <entry><filename>~/.postgresql/root.crt</></entry>
+      <entry>trusted certificate authorities</entry>
+      <entry>requests server certificate; checks certificate is
+      signed by a trusted certificate authority</entry>
+     </row>
+
+     <row>
+      <entry><filename>~/.postgresql/root.crl</></entry>
+      <entry>certificates revoked by certificate authorities</entry>
+      <entry>server certificate must not be on this list</entry>
+     </row>
+
+    </tbody>
+   </tgroup>
+  </table>
+
  </sect1>
 
 
index b9f312daeda7f29b3e05a5650497bca03f8ef03b..73322384bb49ae77b546dbd1ceade5eb6e137392 100644 (file)
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.395 2007/12/25 04:00:44 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.396 2007/12/25 06:15:34 momjian Exp $ -->
 
 <chapter Id="runtime">
  <title>Operating System Environment</title>
@@ -1641,7 +1641,49 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
    the server for changes in them to take effect.
   </para>
 
-  <sect2 id="ssl-certificate">
+  <table id="ssl-file-usage">
+   <title>SSL Server File Usage</title>
+   <tgroup cols="3">
+    <thead>
+     <row>
+      <entry>File</entry>
+      <entry>Contents</entry>
+      <entry>Effect</entry>
+     </row>
+    </thead>
+
+    <tbody>
+
+     <row>
+      <entry><filename>server.crt</></entry>
+      <entry>server certificate</entry>
+      <entry>requested by client</entry>
+     </row>
+
+     <row>
+      <entry><filename>server.key</></entry>
+      <entry>server private key</entry>
+      <entry>used to authenticate server certificate</entry>
+     </row>
+
+     <row>
+      <entry><filename>root.crt</></entry>
+      <entry>trusted certificate authorities</entry>
+      <entry>requests client certificate; checks certificate is
+      signed by a trusted certificate authority</entry>
+     </row>
+
+     <row>
+      <entry><filename>root.crl</></entry>
+      <entry>certificates revoked by certificate authorities</entry>
+      <entry>client certificate must not be on this list</entry>
+     </row>
+
+    </tbody>
+   </tgroup>
+  </table>
+
+  <sect2 id="ssl-certificate-creation">
    <title>Creating a Self-Signed Certificate</title>
 
    <para>