Thread: RE: RE: SSL Connections [doc PATCH]
It looks Ok, but it has one unnecessary step. There is no need to do the "mv privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". But there is nothing wrong with it as it is now, as far as I can see. //Magnus > -----Original Message----- > From: Bruce Momjian [mailto:pgman@candle.pha.pa.us] > Sent: den 21 december 2000 20:15 > To: Magnus Hagander > Cc: 'Matthew Kirkwood'; 'pgsql-patches@postgresql.org' > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > I have applied an earlier patch to this file for SSL. Could you check > the current tree and see how you like it? > > > > Thanks for that one! > > > > Here is a patch to update the documentation based on this - > this should make > > it less dependant on the version of OpenSSL used. > > > > //Magnus > > > > > > > > > -----Original Message----- > > > From: Matthew Kirkwood [mailto:matthew@hairy.beasts.org] > > > Sent: den 21 december 2000 16:49 > > > To: Oliver Elphick > > > Cc: pgsql-hackers@postgresql.org > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > To create a quick self-signed certificate, use the CA.pl script > > > > included in OpenSSL: > > > > > > > > CA.pl -newcert > > > > > > Or you can do it manually: > > > > > > openssl req -new -text -out cert.req (you will have to enter > > > a password) > > > mv privkey.pem cert.pem.pw > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > the password) > > > openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert > > > > > > Matthew. > > > > > > > [ Attachment, skipping... ] > > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, > Pennsylvania 19026 >
If this is a valid point, can someone send me a patch for it? Thanks. > It looks Ok, but it has one unnecessary step. There is no need to do the "mv > privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following > openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". > But there is nothing wrong with it as it is now, as far as I can see. > > > //Magnus > > > > -----Original Message----- > > From: Bruce Momjian [mailto:pgman@candle.pha.pa.us] > > Sent: den 21 december 2000 20:15 > > To: Magnus Hagander > > Cc: 'Matthew Kirkwood'; 'pgsql-patches@postgresql.org' > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > I have applied an earlier patch to this file for SSL. Could you check > > the current tree and see how you like it? > > > > > > > Thanks for that one! > > > > > > Here is a patch to update the documentation based on this - > > this should make > > > it less dependant on the version of OpenSSL used. > > > > > > //Magnus > > > > > > > > > > > > > -----Original Message----- > > > > From: Matthew Kirkwood [mailto:matthew@hairy.beasts.org] > > > > Sent: den 21 december 2000 16:49 > > > > To: Oliver Elphick > > > > Cc: pgsql-hackers@postgresql.org > > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > > > To create a quick self-signed certificate, use the CA.pl script > > > > > included in OpenSSL: > > > > > > > > > > CA.pl -newcert > > > > > > > > Or you can do it manually: > > > > > > > > openssl req -new -text -out cert.req (you will have to enter > > > > a password) > > > > mv privkey.pem cert.pem.pw > > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > > the password) > > > > openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert > > > > > > > > Matthew. > > > > > > > > > > > [ Attachment, skipping... ] > > > > > > -- > > Bruce Momjian | http://candle.pha.pa.us > > pgman@candle.pha.pa.us | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup. | Drexel Hill, > > Pennsylvania 19026 > > > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Is this resolved? > It looks Ok, but it has one unnecessary step. There is no need to do the "mv > privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following > openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". > But there is nothing wrong with it as it is now, as far as I can see. > > > //Magnus > > > > -----Original Message----- > > From: Bruce Momjian [mailto:pgman@candle.pha.pa.us] > > Sent: den 21 december 2000 20:15 > > To: Magnus Hagander > > Cc: 'Matthew Kirkwood'; 'pgsql-patches@postgresql.org' > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > I have applied an earlier patch to this file for SSL. Could you check > > the current tree and see how you like it? > > > > > > > Thanks for that one! > > > > > > Here is a patch to update the documentation based on this - > > this should make > > > it less dependant on the version of OpenSSL used. > > > > > > //Magnus > > > > > > > > > > > > > -----Original Message----- > > > > From: Matthew Kirkwood [mailto:matthew@hairy.beasts.org] > > > > Sent: den 21 december 2000 16:49 > > > > To: Oliver Elphick > > > > Cc: pgsql-hackers@postgresql.org > > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > > > To create a quick self-signed certificate, use the CA.pl script > > > > > included in OpenSSL: > > > > > > > > > > CA.pl -newcert > > > > > > > > Or you can do it manually: > > > > > > > > openssl req -new -text -out cert.req (you will have to enter > > > > a password) > > > > mv privkey.pem cert.pem.pw > > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > > the password) > > > > openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert > > > > > > > > Matthew. > > > > > > > > > > > [ Attachment, skipping... ] > > > > > > -- > > Bruce Momjian | http://candle.pha.pa.us > > pgman@candle.pha.pa.us | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup. | Drexel Hill, > > Pennsylvania 19026 > > > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Change made. > It looks Ok, but it has one unnecessary step. There is no need to do the "mv > privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following > openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". > But there is nothing wrong with it as it is now, as far as I can see. > > > //Magnus > > > > -----Original Message----- > > From: Bruce Momjian [mailto:pgman@candle.pha.pa.us] > > Sent: den 21 december 2000 20:15 > > To: Magnus Hagander > > Cc: 'Matthew Kirkwood'; 'pgsql-patches@postgresql.org' > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > I have applied an earlier patch to this file for SSL. Could you check > > the current tree and see how you like it? > > > > > > > Thanks for that one! > > > > > > Here is a patch to update the documentation based on this - > > this should make > > > it less dependant on the version of OpenSSL used. > > > > > > //Magnus > > > > > > > > > > > > > -----Original Message----- > > > > From: Matthew Kirkwood [mailto:matthew@hairy.beasts.org] > > > > Sent: den 21 december 2000 16:49 > > > > To: Oliver Elphick > > > > Cc: pgsql-hackers@postgresql.org > > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > > > To create a quick self-signed certificate, use the CA.pl script > > > > > included in OpenSSL: > > > > > > > > > > CA.pl -newcert > > > > > > > > Or you can do it manually: > > > > > > > > openssl req -new -text -out cert.req (you will have to enter > > > > a password) > > > > mv privkey.pem cert.pem.pw > > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > > the password) > > > > openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert > > > > > > > > Matthew. > > > > > > > > > > > [ Attachment, skipping... ] > > > > > > -- > > Bruce Momjian | http://candle.pha.pa.us > > pgman@candle.pha.pa.us | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup. | Drexel Hill, > > Pennsylvania 19026 > > > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026