Re: Wrong description in server_ca.config and client_ca.config
| От | Daniel Gustafsson |
|---|---|
| Тема | Re: Wrong description in server_ca.config and client_ca.config |
| Дата | |
| Msg-id | 9F5D3F4F-EEDE-43F6-BFB2-7918F2946DA4@yesql.se обсуждение исходный текст |
| Ответ на | Wrong description in server_ca.config and client_ca.config (David Zhang <david.zhang@highgo.ca>) |
| Список | pgsql-hackers |
> On 27 Feb 2024, at 20:38, David Zhang <david.zhang@highgo.ca> wrote: > > Hi Hackers, > > The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the descriptionsin server_ca.config states, "This certificate is used to sign server certificates. It is self-signed." However,the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed certificate. IIRC the intent was to say it isn't signed by an official CA, but I agree it's misleading. > Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an IntermediateCA." Agreed. We should perhaps add the "This certificate is self-signed" sentence to root_ca.conf as well while at it, it's currently only mentioned in sslfiles.mk and adding it to the config would make the documentation more consistent. > Attached is a patch attempting to fix the description issue. Thanks, I'll have another look and will apply. -- Daniel Gustafsson
В списке pgsql-hackers по дате отправления: