diff options
| author | Daniel Gustafsson | 2021-12-03 13:15:50 +0000 |
|---|---|---|
| committer | Daniel Gustafsson | 2021-12-03 13:15:50 +0000 |
| commit | 7b0643c77b464bd00eb6b63f6538057e024c775e (patch) | |
| tree | ac60ac1b0334496e9359c72ba3357a92a868ae66 /doc/src | |
| parent | 82d1e13344985369a0f5c5d1c9e72f81d997e2ca (diff) | |
Doc: Fix misleading wording of CRL parameters
ssl_crl_file and ssl_crl_dir are both used to for client certificate
revocation, not server certificates. The description for the params
could be easily misread to mean the opposite however, as evidenced
by the bugreport leading to this fix. Similarly, expand sslcrl and
and sslcrldir to explicitly mention server certificates. While there
also mention sslcrldir where previously only sslcrl was discussed.
Backpatch down to v10, with the CRL dir fixes down to 14 where they
were introduced.
Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
Reviewed-by: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Discussion: https://postgr.es/m/20211202.135441.590555657708629486.horikyota.ntt@gmail.com
Discussion: https://postgr.es/m/CABWY_HCBUCjY1EJHrEGePGEaSZ5b29apgTohCyygtsqe_ySYng@mail.gmail.com
Backpatch-through: 10
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/config.sgml | 2 | ||||
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index e500b1fdecc..d43a7cbf63c 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1143,7 +1143,7 @@ include_dir 'conf.d' </term> <listitem> <para> - Specifies the name of the file containing the SSL server certificate + Specifies the name of the file containing the SSL client certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the <filename>postgresql.conf</filename> diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index fa7332a9039..1b76ef2db73 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1519,7 +1519,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname <term><literal>sslcrl</literal></term> <listitem> <para> - This parameter specifies the file name of the SSL certificate + This parameter specifies the file name of the SSL server certificate revocation list (CRL). Certificates listed in this file, if it exists, will be rejected while attempting to authenticate the server's certificate. The default is |