From: Peter Eisentraut Date: Fri, 1 Sep 2017 18:18:45 +0000 (-0400) Subject: doc: Remove mentions of server-side CRL and CA file names X-Git-Tag: REL_11_BETA1~1692 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a0572203532560423c92066b90d13383720dce3a;p=postgresql doc: Remove mentions of server-side CRL and CA file names Commit a445cb92ef5b3a31313ebce30e18cc1d6e0bdecb removed the default file names for server-side CRL and CA files, but left them in the docs with a small note. This removes the note and the previous default names to clarify, as well as changes mentions of the file names to make it clearer that they are configurable. Author: Daniel Gustafsson Reviewed-by: Michael Paquier --- diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 2b6255ed95..5f59a382f1 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -983,10 +983,6 @@ include_dir 'conf.d' The default is empty, meaning no CA file is loaded, and client certificate verification is not performed. - - In previous releases of PostgreSQL, the name of this file was - hard-coded as root.crt. - @@ -1022,10 +1018,6 @@ include_dir 'conf.d' file or on the server command line. The default is empty, meaning no CRL file is loaded. - - In previous releases of PostgreSQL, the name of this file was - hard-coded as root.crl. - diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index f154b6b5fa..957096681a 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -7638,8 +7638,8 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*) certificate of the signing authority to the postgresql.crt file, then its parent authority's certificate, and so on up to a certificate authority, root or intermediate, that is trusted by - the server, i.e. signed by a certificate in the server's - root.crt file. + the server, i.e. signed by a certificate in the server's root CA file + (). 
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 6d57525515..088316cfb6 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2264,7 +2264,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 To require the client to supply a trusted certificate, place certificates of the certificate authorities (CAs) - you trust in the file root.crt in the data + you trust in a file named root.crt in the data directory, set the parameter in postgresql.conf to root.crt, and add the authentication option clientcert=1 to the @@ -2321,7 +2321,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 summarizes the files that are relevant to the SSL setup on the server. (The shown file names are default - or typical names. The locally configured names could be different.) + names. The locally configured names could be different.) @@ -2351,14 +2351,14 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 - ($PGDATA/root.crt) + trusted certificate authorities checks that client certificate is signed by a trusted certificate authority - ($PGDATA/root.crl) + certificates revoked by certificate authorities client certificate must not be on this list diff --git a/doc/src/sgml/sslinfo.sgml b/doc/src/sgml/sslinfo.sgml index 7bda33efa3..1fd323a0b6 100644 --- a/doc/src/sgml/sslinfo.sgml +++ b/doc/src/sgml/sslinfo.sgml @@ -150,7 +150,7 @@ This function is really useful only if you have more than one trusted CA - certificate in your server's root.crt file, or if this CA + certificate in your server's certificate authority file, or if this CA has issued some intermediate certificate authority certificates.
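Review bot: In the runtime.sgml hunk at @@ -2264, root.crt still appears twice as a bare literal, once as the file name and once as the value of the parameter, and nothing in the sentence says it is only an example name. Since the purpose of the patch is to make clear that the name is configurable, say so here, for instance "in a file in the data directory (for example root.crt)" followed by "set the parameter ... to that file name". It is also worth stating that the parameter step is not optional: the config.sgml context lines in this same patch say the default is empty, meaning no CA file is loaded and client certificate verification is not performed.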
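Review bot: In the runtime.sgml hunk at @@ -2321, the reworded sentence "The shown file names are default names" no longer matches the two table rows changed in the hunk at @@ -2351. Those rows lose their ($PGDATA/root.crt) and ($PGDATA/root.crl) entries, and config.sgml in this patch states that the default for both the CA file and the CRL file is empty, so there is no default name to show for them. Suggest limiting the sentence to the rows that do have defaults, or adding that the CA and CRL files have no default and must be configured explicitly.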
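Review bot: The replacement text names the same file in two different ways: "the server's root CA file" with a parenthesised reference in the libpq.sgml hunk at @@ -7638, and "your server's certificate authority file" with no reference in the sslinfo.sgml hunk at @@ -150. Use one term in both places and give the sslinfo.sgml sentence the same pointer to the parameter, so a reader can find where the file is configured. "Root CA file" is also a loose fit in libpq.sgml, because the same sentence says the trusted authority may be "root or intermediate".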