This patch attempts to note the use of the root.crt file in the server.
Given that PostgreSQL will output a message complaining about it's
absence if you're using SSL mode, I feel it's important that it gets a
mention in the documentation at some point.

Index: doc/src/sgml/runtime.sgml
RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v
retrieving revision 1.281
diff -u -r1.281 runtime.sgml
--- doc/src/sgml/runtime.sgml   17 Sep 2004 22:40:46 -0000      1.281
+++ doc/src/sgml/runtime.sgml   22 Sep 2004 06:45:13 -0000
@@ -4353,6 +4353,24 @@
    to turn the certificate into a self-signed certificate and to copy the
    key and certificate to where the server will look for them.
+  <para>
+   If verification of client certificates is required, place the
+   certificates of the <acronym>CA</acronym> you wish to check for in
+   the file <filename>root.crt</filename> in the data directory.  When
+   present, a client certificate will be requested from the client
+   making the connection and it must have been signed by one of the
+   certificates present in <filename>root.crt</filename>.  If no
+   certificate is presented, the connection will be allowed to proceed
+   anway.
+  </para>
+  <para>
+   The <filename>root.crt</filename> file is always checked for, and
+   its absence will be noted through a message in the log.  This is
+   merely an informative message that client certificates will not be
+   requested.
+  </para>
  <sect1 id="ssh-tunnels">
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Reply via email to