Is ssl_crl_file "SSL server cert revocation list"? - Mailing list pgsql-hackers
From | Kyotaro Horiguchi |
---|---|
Subject | Is ssl_crl_file "SSL server cert revocation list"? |
Date | |
Msg-id | 20211202.135441.590555657708629486.horikyota.ntt@gmail.com |
Responses | Re: Is ssl_crl_file "SSL server cert revocation list"? |
List | pgsql-hackers |
As discussed in the thread [1], I find the wording "SSL server certificate revocation list" misleading or plain wrong. I used to read it as "SSL server certificate (of PostgreSQL client) revocation list" but I find it misleading-ish from fresh eyes. So I'd like to propose a change of the doc as attached.

What do you think about this?

[1] https://www.postgresql.org/message-id/20211202.134619.1052008069537649171.horikyota.ntt%40gmail.com

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index ab617c7b86..4ac617615c 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1248,7 +1248,7 @@ include_dir 'conf.d' </term> <listitem> <para> - Specifies the name of the file containing the SSL server certificate + Specifies the name of the file containing the SSL client certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the <filename>postgresql.conf</filename> @@ -1267,7 +1267,7 @@ include_dir 'conf.d' </term> <listitem> <para> - Specifies the name of the directory containing the SSL server + Specifies the name of the directory containing the SSL client certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the <filename>postgresql.conf</filename> file or on the server command diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index c17d33a54f..eb3a0c6b55 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml 
@@ -1742,11 +1742,10 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname <term><literal>sslcrl</literal></term> <listitem> <para> - This parameter specifies the file name of the SSL certificate + This parameter specifies the file name of the SSL server certificate revocation list (CRL). Certificates listed in this file, if it - exists, will be rejected while attempting to authenticate the - server's certificate. If neither - <xref linkend='libpq-connect-sslcrl'/> nor + exists, will be rejected while attempting to authenticate the server's + certificate. If neither <xref linkend='libpq-connect-sslcrl'/> nor <xref linkend='libpq-connect-sslcrldir'/> is set, this setting is taken as <filename>~/.postgresql/root.crl</filename>. @@ -1758,9 +1757,9 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname <term><literal>sslcrldir</literal></term> <listitem> <para> - This parameter specifies the directory name of the SSL certificate - revocation list (CRL). Certificates listed in the files in this - directory, if it exists, will be rejected while attempting to + This parameter specifies the directory name of the SSL server + certificate revocation list (CRL). Certificates listed in the files + in this directory, if it exists, will be rejected while attempting to authenticate the server's certificate. </para>
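Review bot: In the first config.sgml hunk (@@ -1248,7), "SSL client certificate revocation list (CRL)" still leaves the reader to work out which side consults the list, because the visible paragraph goes straight on to "Relative paths are relative to the data directory." without saying what the CRL is used for. The libpq.sgml text touched by this same patch spells it out ("will be rejected while attempting to authenticate the server's certificate"). Consider adding the matching sentence here, stating that certificates listed in the file are rejected when the server authenticates a client's certificate.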
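Review bot: In the second config.sgml hunk (@@ -1267,7), the reworded sentence still describes a directory as containing a single "certificate revocation list (CRL)", while the sslcrldir text in libpq.sgml in this patch speaks of "the files in this directory". Since the hunk touches this sentence anyway, consider the plural ("revocation lists") or phrasing borrowed from the libpq entry, so the two descriptions of a CRL directory agree.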
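Review bot: In the sslcrl hunk of libpq.sgml (@@ -1742,11 +1742,10), only the first changed line carries the wording change (adding "server"); the removed lines "exists, will be rejected while attempting to authenticate the", "server's certificate. If neither" and "<xref linkend='libpq-connect-sslcrl'/> nor" come back with identical text and different line breaks. Keep the original wrapping there so the diff shows just the one-word change and the history of the xref lines is not disturbed.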