Ray Stell wrote:
> On Mon, Nov 01, 2010 at 12:46:33PM -0400, Tom Lane wrote:
> > Ray Stell writes:
> > > Someone asked about ssl client cert auth recently. I got
> > > this to work, but something tripped me up.
> >
> > > http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html
> >
> > > states (very clearly, btw) that, "To require the client to supply a
> > > trusted certificate, place certificates of the certificate authorities
> > > (CAs) you trust in the file root.crt in the data directory." I had
> > > ASS-U-MEd that root.crt would go in .postgresql as it does for encryption.
> >
> > > This begs the question, why two copies of the same file?
> >
> > The one in ~/.postgresql is for client usage. The one in $PGDATA is for
> > the server's use. There's no reason to assume they'd be the same.
> >
> > regards, tom lane
>
> I think I see where I went off:
> 31.17. SSL Support
> Changing this to:
> 31.17. Client SSL Support
> would be helpful. Also,
> 31.17.4. SSL File Usage
> might be:
> 31.17.4. SSL Client File Usage
> They did this in the server section, so I'm not completely nuts:
> 17.8.2. SSL Server File Usage
>
> In hindsight it is very clear. Chapter 17 is on the server and 31 is on the
> client. Adding those section title words would have helped me stay on
> course.
>
> Another way of providing a clue would be to add $PGDATA somewhere in Table
> 17-3. SSL Server File Usage. They did that sort of thing on the client side
> in Table 31-4. Libpq/Client SSL File Usage.
These are all very good ideas and I have applied them for 9.1 in the
attached patch. I also found a few libpq titles that needed
capitalization, which is also in the patch. Thanks for the ideas.
--
Bruce Momjian http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
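The file layout Tom Lane describes above (one root.crt in ~/.postgresql for the client, a separate one in $PGDATA for the server), as an added shell example that is not part of this thread and not code from PostgreSQL: it generates a private CA, signs one server and one client certificate with it, puts each file where libpq and the server look for it, and then uses openssl verify to perform, offline, the two checks the two root.crt files exist for. The temp directories standing in for $PGDATA and ~/.postgresql, the host name db.example.internal, the user name alice and the 10.0.0.0/8 range in pg_hba.conf are assumptions; the script never starts a server.

```shell
#!/bin/sh
# Added example for this thread, not code from PostgreSQL. Lays out the two
# SSL directories Tom Lane describes and checks each side's trust chain with
# openssl. Assumptions: temp dirs stand in for $PGDATA and ~/.postgresql,
# host name db.example.internal, database user alice, address range 10.0.0.0/8.
set -eu

WORK=$(mktemp -d)
PGDATA="$WORK/pgdata"             # server's data directory (assumed location)
CLIENTDIR="$WORK/dot_postgresql"  # client's ~/.postgresql (assumed location)
mkdir -p "$PGDATA" "$CLIENTDIR"

# 1. A private CA. In real deployments the CA key stays off the database host.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=example-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# 2. Server certificate -> $PGDATA/server.crt + server.key. The CN must be the
#    host name clients connect to, or sslmode=verify-full rejects it.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=db.example.internal" \
    -keyout "$PGDATA/server.key" -out "$WORK/server.csr" 2>/dev/null
openssl x509 -req -days 365 -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$PGDATA/server.crt" 2>/dev/null
chmod 0600 "$PGDATA/server.key"     # the server refuses a world-readable key

# 3. Client certificate -> ~/.postgresql/postgresql.crt + postgresql.key. With
#    the cert auth method the CN is taken as the database user name.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=alice" \
    -keyout "$CLIENTDIR/postgresql.key" -out "$WORK/client.csr" 2>/dev/null
openssl x509 -req -days 365 -in "$WORK/client.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$CLIENTDIR/postgresql.crt" 2>/dev/null
chmod 0600 "$CLIENTDIR/postgresql.key"   # libpq refuses a world-readable key

# 4. Two root.crt files, two roles. They hold the same CA here, but each side
#    only needs the CA that issued the *other* side's certificate.
cp "$WORK/ca.crt" "$PGDATA/root.crt"      # server: verifies client certificates
cp "$WORK/ca.crt" "$CLIENTDIR/root.crt"   # client: verifies the server certificate

# 5. Server side: ssl on, and require a trusted client cert on SSL connections.
cat > "$PGDATA/pg_hba.conf" <<'EOF'
# TYPE   DATABASE  USER  ADDRESS      METHOD
hostssl  all       all   10.0.0.0/8   cert
EOF
echo "ssl = on" > "$PGDATA/postgresql.conf.fragment"

# The client would then connect with, e.g.:
#   psql "host=db.example.internal sslmode=verify-full dbname=app user=alice"
# libpq finds ~/.postgresql/{root.crt,postgresql.crt,postgresql.key} on its own.

# --- the checks each root.crt exists for, performed offline with openssl ---

# What libpq does with ~/.postgresql/root.crt under sslmode=verify-ca/verify-full.
verify_server_cert() {
    openssl verify -CAfile "$CLIENTDIR/root.crt" "$PGDATA/server.crt" >/dev/null 2>&1
}

# What the server does with $PGDATA/root.crt when pg_hba.conf demands a client cert.
verify_client_cert() {
    openssl verify -CAfile "$PGDATA/root.crt" "$CLIENTDIR/postgresql.crt" >/dev/null 2>&1
}

# Negative case: a self-signed cert claiming CN=alice but not issued by the CA in
# $PGDATA/root.crt must fail; that is the whole point of the server's copy.
rogue_client_cert_is_rejected() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=alice" \
        -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" 2>/dev/null
    ! openssl verify -CAfile "$PGDATA/root.crt" "$WORK/rogue.crt" >/dev/null 2>&1
}

verify_server_cert            && echo "client trusts server cert via ~/.postgresql/root.crt"
verify_client_cert            && echo "server trusts client cert via \$PGDATA/root.crt"
rogue_client_cert_is_rejected && echo "server rejects self-signed client cert"
echo "layout written under $WORK"
```

The two CA files need not be identical: the client's root.crt needs only the CA that issued the server certificate, and the server's root.crt only the CA that issues client certificates, which is why there is no reason to assume they are the same file. With METHOD cert the server also maps the certificate CN to the database user name, so a certificate issued to alice authenticates only as alice unless a pg_ident map says otherwise; root.crl is optional on both sides and is omitted here.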
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index fe661b8..1606a56 100644
*** /tmp/pgdiff.4616/aPwGCb_libpq.sgml Mon Jan 17 21:29:06 2011
--- doc/src/sgml/libpq.sgml Mon Jan 17 21:04:29 2011
*** ldap://ldap.acme.com/cn=dbserver,cn=host
*** 6641,6647
! Certificate verification
By default, PostgreSQL will not perform any verification of
--- 6641,6647
! Client Verification of Server Certificates
By default, PostgreSQL will not perform any verification of
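Review bot: the unchanged body line in this hunk, "By default, PostgreSQL will not perform any verification of", now sits under a title scoped to the client ("Client Verification of Server Certificates") but still says "PostgreSQL" generically; consider "By default, libpq will not perform any verification of" so the sentence is as clearly client-side as the new title, which is exactly the server/client confusion this thread started from.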
*** ldap://ldap.acme.com/cn=dbserver,cn=host
*** 6696,6702
! Client certificates
If the server requests a trusted client certificate,
--- 6696,6702
! Client Certificates
If the server requests a trusted client certificate,
*** ldap://ldap.acme.com/cn=dbserver,cn=host
*** 6738,6744
! Protection provided in different modes
The different values for the sslmode parameter provide different
--- 6738,6744
! Protection Provided in Different Modes
The different values for the sslmode parameter provide different
*** ldap://ldap.acme.com/cn=dbserver,cn=host
*** 6746,6752
protection against three types of attacks:
!SSL attacks
--- 6746,6752
protection against three types of attacks:
!SSL Attacks
*** ldap://ldap.acme.com/cn=dbserver,cn=host
*** 6821,6827
!SSL mode descriptions
--- 6821,6827
!SSL Mode Descriptions
*** ldap://ldap.acme.com/cn=dbserver,cn=host
*** 6912,6918
! SSL File Usage
Libpq/Client SSL File Usage
--- 6912,6918
! SSL Client File Usage
Libpq/Client SSL File Usage
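Review bot: the new section title "SSL Client File Usage" and the table title right under it, "Libpq/Client SSL File Usage", now order the same words differently; since the server side is "SSL Server File Usage" (17.8.2 as quoted above), pick one phrasing for both, e.g. keep the section title and retitle the table "Libpq/Client SSL File Usage" as "SSL Client File Usage (libpq)", so a reader scanning titles sees the client/server pair as parallel.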
*** ldap://ldap.acme.com/cn=dbserver,cn=host
*** 6958,6964
! SSL library initialization
If your application initializes libssl and/or
--- 6958,6964
! SSL Library Initialization
If your application initializes libssl and/or
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 8911e99..9b92bec 100644
*** /tmp/pgdiff.4616/QgCZ3a_runtime.sgml Mon Jan 17 21:29:06 2011
--- doc/src/sgml/runtime.sgml Mon Jan 17 21:18:42 2011
*** $ kill -INT `head -1 /usr/loc
*** 1770,1796
! server.crt
server certificate
sent to client to indicate server's identity
! server.key
server private key
proves server certificate was sent by the owner; does not indicate
certificate owner is trustworthy
! root.crt
trusted certificate authorities
checks that client certificate is
signed by a trusted certificate authority
! root.crl
certificates revoked by certificate author
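Review bot: only the old side of this hunk (*** 1770,1796) is present; the replacement side is cut off after the root.crl row, so the change flagged by "!" on the server.crt, server.key, root.crt and root.crl rows cannot be reviewed from this copy. If the intent is the $PGDATA hint Ray suggested for Table 17-3, the new file-name cells should read $PGDATA/server.crt, $PGDATA/server.key, $PGDATA/root.crt and $PGDATA/root.crl; please also check the root.crl description, which ends mid-phrase at "certificate author" here.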