This patch attempts to note the use of the root.crt file in the server. Given that PostgreSQL will output a message complaining about it's absence if you're using SSL mode, I feel it's important that it gets a mention in the documentation at some point.
-Dom
Index: doc/src/sgml/runtime.sgml =================================================================== RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v retrieving revision 1.281 diff -u -r1.281 runtime.sgml --- doc/src/sgml/runtime.sgml 17 Sep 2004 22:40:46 -0000 1.281 +++ doc/src/sgml/runtime.sgml 22 Sep 2004 06:45:13 -0000 @@ -4353,6 +4353,24 @@ to turn the certificate into a self-signed certificate and to copy the key and certificate to where the server will look for them. </para> + + <para> + If verification of client certificates is required, place the + certificates of the <acronym>CA</acronym> you wish to check for in + the file <filename>root.crt</filename> in the data directory. When + present, a client certificate will be requested from the client + making the connection and it must have been signed by one of the + certificates present in <filename>root.crt</filename>. If no + certificate is presented, the connection will be allowed to proceed + anway. + </para> + + <para> + The <filename>root.crt</filename> file is always checked for, and + its absence will be noted through a message in the log. This is + merely an informative message that client certificates will not be + requested. + </para> </sect1> <sect1 id="ssh-tunnels">
---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend