Postgres Pro
Downloads
Home   >   mailing lists

Thread: Missed information about clientname=CN option

Missed information about clientname=CN option

From
PG Doc comments form
Date:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/16/auth-cert.html
Description:

Hello.

This page missed information about supported clientname=CN/DN option and
describes only `map` option.
Also `clientcert` is described not in format. I expect it was documented
under `map` as next list item of supported options.

Thank you.

Re: Missed information about clientname=CN option

From
"David G. Johnston"
Date:
On Wednesday, January 31, 2024, PG Doc comments form <noreply@postgresql.org> wrote:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/16/auth-cert.html
Description:

Hello.

This page missed information about supported clientname=CN/DN option and
describes only `map` option.
Also `clientcert` is described not in format. I expect it was documented
under `map` as next list item of supported options


The description for pg_hba.conf auth-options covers this.  Since those two options do not only apply to cert but any hostssl entry it was chosen to document the ssl related options on the pg_hba.conf page.  I do see value in pointing the reader back to that location from the cert page though.  Or maybe move the wording to the cert page and replace the content in pg_hba.conf with a link to there.  Leaning toward the later ATM.

David J.

Re: Missed information about clientname=CN option

From
Daniel Gustafsson
Date:
> On 1 Feb 2024, at 08:35, David G. Johnston <david.g.johnston@gmail.com> wrote:

> maybe move the wording to the cert page and replace the content in pg_hba.conf with a link to there.  Leaning toward
thelater ATM. 

That sounds like the best option IMHO, care to propose a patch?

--
Daniel Gustafsson

Re: Missed information about clientname=CN option

From
"David G. Johnston"
Date:
On Thu, Feb 1, 2024 at 3:16 AM Daniel Gustafsson <daniel@yesql.se> wrote:
> On 1 Feb 2024, at 08:35, David G. Johnston <david.g.johnston@gmail.com> wrote:

> maybe move the wording to the cert page and replace the content in pg_hba.conf with a link to there.  Leaning toward the later ATM.

That sounds like the best option IMHO, care to propose a patch?


Done here:

https://www.postgresql.org/message-id/CAKFQuwa%3DiY13UkH2K4-Srut9iaXBi2FkLzWRxbok%2BmdSMPEDuA%40mail.gmail.com

The material here needed some attention too, both on its own and to fit in with the changes to the client authentication section.

https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-CLIENT-CERTIFICATES

David J.