-rw-r--r-- | doc/src/sgml/config.sgml | 4 | ||||
-rw-r--r-- | doc/src/sgml/libpq.sgml | 6 | ||||
-rw-r--r-- | doc/src/sgml/runtime.sgml | 3 |
3 files changed, 8 insertions, 5 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index ab617c7b868..4ac617615c2 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1248,7 +1248,7 @@ include_dir 'conf.d' </term> <listitem> <para> - Specifies the name of the file containing the SSL server certificate + Specifies the name of the file containing the SSL client certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the <filename>postgresql.conf</filename> @@ -1267,7 +1267,7 @@ include_dir 'conf.d' </term> <listitem> <para> - Specifies the name of the directory containing the SSL server + Specifies the name of the directory containing the SSL client certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the <filename>postgresql.conf</filename> file or on the server command diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index c17d33a54f0..14f35d37f66 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1742,7 +1742,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname <term><literal>sslcrl</literal></term> <listitem> <para> - This parameter specifies the file name of the SSL certificate + This parameter specifies the file name of the SSL server certificate revocation list (CRL). Certificates listed in this file, if it exists, will be rejected while attempting to authenticate the server's certificate. If neither @@ -1758,7 +1758,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname <term><literal>sslcrldir</literal></term> <listitem> <para> - This parameter specifies the directory name of the SSL certificate + This parameter specifies the directory name of the SSL server certificate revocation list (CRL). Certificates listed in the files in this directory, if it exists, will be rejected while attempting to authenticate the server's certificate. 
@@ -8374,6 +8374,8 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*) setting the connection parameters <literal>sslrootcert</literal> and <literal>sslcrl</literal> or the environment variables <envar>PGSSLROOTCERT</envar> and <envar>PGSSLCRL</envar>. + <literal>sslcrldir</literal> or the environment variable <envar>PGSSLCRLDIR</envar> + can also be used to specify a directory containing CRL files. </para> <note> diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 58150996b80..f77ed242044 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2337,7 +2337,8 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 you wish to avoid storing them on clients (assuming the root and intermediate certificates were created with <literal>v3_ca</literal> extensions). Certificate Revocation List (CRL) entries are also - checked if the parameter <xref linkend="guc-ssl-crl-file"/> is set. + checked if the parameter <xref linkend="guc-ssl-crl-file"/> or + <xref linkend="guc-ssl-crl-dir"/> is set. </para> <para> |
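Review bot: In the first config.sgml hunk (@@ -1248), the replacement phrase "SSL client certificate revocation list" can still be misread as a list that belongs to the client, just as the old "server" wording was read as the server's own list. Suggest wording that names what is being checked, for example "the certificate revocation list (CRL) for SSL client certificates", so it is clear that this file is what the server uses to reject revoked client certificates. The same applies to the "SSL server certificate revocation list" wording introduced in the two libpq.sgml parameter hunks.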
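Review bot: In the second config.sgml hunk (@@ -1267), the text keeps the singular "the directory containing the SSL client certificate revocation list (CRL)", while the sentence this patch adds to libpq.sgml speaks of "a directory containing CRL files". Suggest the plural "revocation lists" here so the directory parameter is described consistently across the three files.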
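Review bot: In the libpq.sgml hunk at @@ -8374, the added sentence says sslcrldir or PGSSLCRLDIR "can also be used" but leaves open whether it is an alternative to sslcrl and PGSSLCRL or may be set together with them. Suggest stating that relationship in the sentence, or pointing the reader to the sslcrldir parameter description, since a reader who sets only one of the two needs to know that revocation checking is still in effect.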
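Review bot: In the runtime.sgml hunk (@@ -2337), the new text keeps the singular "the parameter" in front of two cross-references joined by "or". Suggest "if either guc-ssl-crl-file or guc-ssl-crl-dir is set" (with the xref elements kept as written) so the sentence reads correctly with both parameters.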