From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | David Zhang <david(dot)zhang(at)highgo(dot)ca> |
Cc: | Pgsql Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Wrong description in server_ca.config and client_ca.config |
Date: | 2024-02-28 13:29:25 |
Message-ID: | 9F5D3F4F-EEDE-43F6-BFB2-7918F2946DA4@yesql.se |
Lists: | pgsql-hackers |
> On 27 Feb 2024, at 20:38, David Zhang <david(dot)zhang(at)highgo(dot)ca> wrote:
>
> Hi Hackers,
>
> The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the descriptions in server_ca.config states, "This certificate is used to sign server certificates. It is self-signed." However, the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed certificate.

IIRC the intent was to say it isn't signed by an official CA, but I agree it's
misleading.

> Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an Intermediate CA."

Agreed. We should perhaps add the "This certificate is self-signed" sentence
to root_ca.conf as well while at it, it's currently only mentioned in
sslfiles.mk and adding it to the config would make the documentation more
consistent.

> Attached is a patch attempting to fix the description issue.

Thanks, I'll have another look and will apply.
--
Daniel Gustafsson