From 60a6dbb76c8853ecbbe04cdbae1086cdcc454312 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Tue, 25 Dec 2007 06:15:34 +0000
Subject: [PATCH] Add two documentation tables to outline SSL file usage for
 client and server.

---
 doc/src/sgml/libpq.sgml   | 44 ++++++++++++++++++++++++++++++++++++-
 doc/src/sgml/runtime.sgml | 46 +++++++++++++++++++++++++++++++++++++--
 2 files changed, 87 insertions(+), 3 deletions(-)

diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index be43ec7814..76f9bfdee0 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.249 2007/12/25 04:00:43 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.250 2007/12/25 06:15:34 momjian Exp $ -->
 
 <chapter id="libpq">
  <title><application>libpq</application> - C Library</title>
@@ -5200,6 +5200,48 @@ defaultNoticeProcessor(void *arg, const char *message)
    application.
   </para>
 
+  <table id="libpq-ssl-file-usage">
+   <title>SSL Client File Usage</title>
+   <tgroup cols="3">
+    <thead>
+     <row>
+      <entry>File</entry>
+      <entry>Contents</entry>
+      <entry>Effect</entry>
+     </row>
+    </thead>
+
+    <tbody>
+
+     <row>
+      <entry><filename>~/.postgresql/postgresql.crt</></entry>
+      <entry>client certificate</entry>
+      <entry>requested by server</entry>
+     </row>
+
+     <row>
+      <entry><filename>~/.postgresql/postgresql.key</></entry>
+      <entry>client private key</entry>
+      <entry>used to authenticate client certificate</entry>
+     </row>
+
+     <row>
+      <entry><filename>~/.postgresql/root.crt</></entry>
+      <entry>trusted certificate authorities</entry>
+      <entry>requests server certificate; checks certificate is
+      signed by a trusted certificate authority</entry>
+     </row>
+
+     <row>
+      <entry><filename>~/.postgresql/root.crl</></entry>
+      <entry>certificates revoked by certificate authorities</entry>
+      <entry>server certificate must not be on this list</entry>
+     </row>
+
+    </tbody>
+   </tgroup>
+  </table>
+
  </sect1>
 
 
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index b9f312daed..73322384bb 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.395 2007/12/25 04:00:44 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.396 2007/12/25 06:15:34 momjian Exp $ -->
 
 <chapter Id="runtime">
  <title>Operating System Environment</title>
@@ -1641,7 +1641,49 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
    the server for changes in them to take effect.
   </para>
 
-  <sect2 id="ssl-certificate">
+  <table id="ssl-file-usage">
+   <title>SSL Server File Usage</title>
+   <tgroup cols="3">
+    <thead>
+     <row>
+      <entry>File</entry>
+      <entry>Contents</entry>
+      <entry>Effect</entry>
+     </row>
+    </thead>
+
+    <tbody>
+
+     <row>
+      <entry><filename>server.crt</></entry>
+      <entry>server certificate</entry>
+      <entry>requested by client</entry>
+     </row>
+
+     <row>
+      <entry><filename>server.key</></entry>
+      <entry>server private key</entry>
+      <entry>used to authenticate server certificate</entry>
+     </row>
+
+     <row>
+      <entry><filename>root.crt</></entry>
+      <entry>trusted certificate authorities</entry>
+      <entry>requests client certificate; checks certificate is
+      signed by a trusted certificate authority</entry>
+     </row>
+
+     <row>
+      <entry><filename>root.crl</></entry>
+      <entry>certificates revoked by certificate authorities</entry>
+      <entry>client certificate must not be on this list</entry>
+     </row>
+
+    </tbody>
+   </tgroup>
+  </table>
+
+  <sect2 id="ssl-certificate-creation">
    <title>Creating a Self-Signed Certificate</title>
 
    <para>
-- 
2.40.0