[HACKERS] Re: [PATCHES] RE: SSL Connections [doc PATCH]
> That would probably be good, yes :-) > > You shuold then change: > mv privkey.pem cert.pem.pw > openssl rsa -in cert.pem.pw -out cert.pem > > to > openssl rsa -in privkey.pem -out cert.pem > > (Sorry, don't have access to the SGML source now, so I can't give you a > patch) OK, the SGML diff is: --- Index: doc/src/sgml/runtime.sgml === RCS file: /home/projects/pgsql/cvsroot/pgsql/doc/src/sgml/runtime.sgml,v retrieving revision 1.46 diff -c -r1.46 runtime.sgml *** doc/src/sgml/runtime.sgml 2001/01/08 21:01:54 1.46 --- doc/src/sgml/runtime.sgml 2001/01/24 15:17:09 *** *** 1911,1918 To remove the passphrase (as you must if you want automatic start-up of the postmaster), run the commands ! mv privkey.pem cert.pem.pw ! openssl rsa -in cert.pem.pw -out cert.pem Enter the old passphrase to unlock the existing key. Now do --- 1911,1917 To remove the passphrase (as you must if you want automatic start-up of the postmaster), run the commands ! openssl rsa -in privkey.pem -out cert.pem Enter the old passphrase to unlock the existing key. Now do -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026
[HACKERS] RE: [PATCHES] RE: SSL Connections [doc PATCH]
Needs fixing - no. The current version *works*. The fix would remove one unnecessary step from it, but it still *works* in it's current state. Sorry about this - I've missed looking at it. //Magnus > -Original Message- > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > Sent: den 24 januari 2001 15:47 > To: Magnus Hagander > Cc: PostgreSQL-development; PostgreSQL-documentation > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > Again, is this something that needs fixing? Just a YES or NO is all I > need. > > > > > It looks Ok, but it has one unnecessary step. There is no > need to do the "mv > > privkey.pem cert.pem.pw" if you just use "privkey.pem" in > the following > > openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". > > But there is nothing wrong with it as it is now, as far as > I can see. > > > > > > //Magnus > > > > > > > -Original Message- > > > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > > > Sent: den 21 december 2000 20:15 > > > To: Magnus Hagander > > > Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' > > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > > > > I have applied an earlier patch to this file for SSL. > Could you check > > > the current tree and see how you like it? > > > > > > > > > > Thanks for that one! > > > > > > > > Here is a patch to update the documentation based on this - > > > this should make > > > > it less dependant on the version of OpenSSL used. > > > > > > > > //Magnus > > > > > > > > > > > > > > > > > -Original Message- > > > > > From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] > > > > > Sent: den 21 december 2000 16:49 > > > > > To: Oliver Elphick > > > > > Cc: [EMAIL PROTECTED] > > > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > > > > > To create a quick self-signed certificate, use the > CA.pl script > > > > > > included in OpenSSL: > > > > > > > > > > > > CA.pl -newcert > > > > > > > > > > Or you can do it manually: > > > > > > > > > > openssl req -new -text -out cert.req (you will have to enter > > > > > a password) > > > > > mv privkey.pem cert.pem.pw > > > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > > > the password) > > > > > openssl req -x509 -in cert.req -text -key cert.pem > -out cert.cert > > > > > > > > > > Matthew. > > > > > > > > > > > > > > > [ Attachment, skipping... ] > > > > > > > > > -- > > > Bruce Momjian| http://candle.pha.pa.us > > > [EMAIL PROTECTED] | (610) 853-3000 > > > + If your life is a hard drive, | 830 Blythe Avenue > > > + Christ can be your backup.| Drexel Hill, > > > Pennsylvania 19026 > > > > > > > > -- > Bruce Momjian| http://candle.pha.pa.us > [EMAIL PROTECTED] | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup.| Drexel Hill, > Pennsylvania 19026 >
[HACKERS] Re: [PATCHES] RE: SSL Connections [doc PATCH]
Again, is this something that needs fixing? Just a YES or NO is all I need. > It looks Ok, but it has one unnecessary step. There is no need to do the "mv > privkey.pem cert.pem.pw" if you just use "privkey.pem" in the following > openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". > But there is nothing wrong with it as it is now, as far as I can see. > > > //Magnus > > > > -Original Message- > > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > > Sent: den 21 december 2000 20:15 > > To: Magnus Hagander > > Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > I have applied an earlier patch to this file for SSL. Could you check > > the current tree and see how you like it? > > > > > > > Thanks for that one! > > > > > > Here is a patch to update the documentation based on this - > > this should make > > > it less dependant on the version of OpenSSL used. > > > > > > //Magnus > > > > > > > > > > > > > -Original Message- > > > > From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] > > > > Sent: den 21 december 2000 16:49 > > > > To: Oliver Elphick > > > > Cc: [EMAIL PROTECTED] > > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > > > To create a quick self-signed certificate, use the CA.pl script > > > > > included in OpenSSL: > > > > > > > > > > CA.pl -newcert > > > > > > > > Or you can do it manually: > > > > > > > > openssl req -new -text -out cert.req (you will have to enter > > > > a password) > > > > mv privkey.pem cert.pem.pw > > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > > the password) > > > > openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert > > > > > > > > Matthew. > > > > > > > > > > > [ Attachment, skipping... ] > > > > > > -- > > Bruce Momjian| http://candle.pha.pa.us > > [EMAIL PROTECTED] | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup.| Drexel Hill, > > Pennsylvania 19026 > > > -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026
[HACKERS] Re: [PATCHES] RE: SSL Connections [doc PATCH]
But shouldn't we remove it to make it clearer? > Needs fixing - no. The current version *works*. > The fix would remove one unnecessary step from it, but it still *works* in > it's current state. > > Sorry about this - I've missed looking at it. > > //Magnus > > > -Original Message- > > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > > Sent: den 24 januari 2001 15:47 > > To: Magnus Hagander > > Cc: PostgreSQL-development; PostgreSQL-documentation > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > > > Again, is this something that needs fixing? Just a YES or NO is all I > > need. > > > > > > > > > It looks Ok, but it has one unnecessary step. There is no > > need to do the "mv > > > privkey.pem cert.pem.pw" if you just use "privkey.pem" in > > the following > > > openssl command (e.g. openssl rsa -in privkey.pem -out cert.pem". > > > But there is nothing wrong with it as it is now, as far as > > I can see. > > > > > > > > > //Magnus > > > > > > > > > > -Original Message- > > > > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > > > > Sent: den 21 december 2000 20:15 > > > > To: Magnus Hagander > > > > Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' > > > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > > > > > > > I have applied an earlier patch to this file for SSL. > > Could you check > > > > the current tree and see how you like it? > > > > > > > > > > > > > Thanks for that one! > > > > > > > > > > Here is a patch to update the documentation based on this - > > > > this should make > > > > > it less dependant on the version of OpenSSL used. > > > > > > > > > > //Magnus > > > > > > > > > > > > > > > > > > > > > -Original Message- > > > > > > From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] > > > > > > Sent: den 21 december 2000 16:49 > > > > > > To: Oliver Elphick > > > > > > Cc: [EMAIL PROTECTED] > > > > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > > > > > > > To create a quick self-signed certificate, use the > > CA.pl script > > > > > > > included in OpenSSL: > > > > > > > > > > > > > > CA.pl -newcert > > > > > > > > > > > > Or you can do it manually: > > > > > > > > > > > > openssl req -new -text -out cert.req (you will have to enter > > > > > > a password) > > > > > > mv privkey.pem cert.pem.pw > > > > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > > > > the password) > > > > > > openssl req -x509 -in cert.req -text -key cert.pem > > -out cert.cert > > > > > > > > > > > > Matthew. > > > > > > > > > > > > > > > > > > > [ Attachment, skipping... ] > > > > > > > > > > > > -- > > > > Bruce Momjian| http://candle.pha.pa.us > > > > [EMAIL PROTECTED] | (610) 853-3000 > > > > + If your life is a hard drive, | 830 Blythe Avenue > > > > + Christ can be your backup.| Drexel Hill, > > > > Pennsylvania 19026 > > > > > > > > > > > > > -- > > Bruce Momjian| http://candle.pha.pa.us > > [EMAIL PROTECTED] | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup.| Drexel Hill, > > Pennsylvania 19026 > > > -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026
[HACKERS] RE: [PATCHES] RE: SSL Connections [doc PATCH]
That would probably be good, yes :-) You shuold then change: mv privkey.pem cert.pem.pw openssl rsa -in cert.pem.pw -out cert.pem to openssl rsa -in privkey.pem -out cert.pem (Sorry, don't have access to the SGML source now, so I can't give you a patch) //Magnus > -Original Message- > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > Sent: den 24 januari 2001 16:03 > To: Magnus Hagander > Cc: PostgreSQL-development; PostgreSQL-documentation > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > But shouldn't we remove it to make it clearer? > > > Needs fixing - no. The current version *works*. > > The fix would remove one unnecessary step from it, but it > still *works* in > > it's current state. > > > > Sorry about this - I've missed looking at it. > > > > //Magnus > > > > > -Original Message- > > > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > > > Sent: den 24 januari 2001 15:47 > > > To: Magnus Hagander > > > Cc: PostgreSQL-development; PostgreSQL-documentation > > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > > > > > > > Again, is this something that needs fixing? Just a YES > or NO is all I > > > need. > > > > > > > > > > > > > It looks Ok, but it has one unnecessary step. There is no > > > need to do the "mv > > > > privkey.pem cert.pem.pw" if you just use "privkey.pem" in > > > the following > > > > openssl command (e.g. openssl rsa -in privkey.pem -out > cert.pem". > > > > But there is nothing wrong with it as it is now, as far as > > > I can see. > > > > > > > > > > > > //Magnus > > > > > > > > > > > > > -Original Message- > > > > > From: Bruce Momjian [mailto:[EMAIL PROTECTED]] > > > > > Sent: den 21 december 2000 20:15 > > > > > To: Magnus Hagander > > > > > Cc: 'Matthew Kirkwood'; '[EMAIL PROTECTED]' > > > > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH] > > > > > > > > > > > > > > > I have applied an earlier patch to this file for SSL. > > > Could you check > > > > > the current tree and see how you like it? > > > > > > > > > > > > > > > > Thanks for that one! > > > > > > > > > > > > Here is a patch to update the documentation based on this - > > > > > this should make > > > > > > it less dependant on the version of OpenSSL used. > > > > > > > > > > > > //Magnus > > > > > > > > > > > > > > > > > > > > > > > > > -Original Message- > > > > > > > From: Matthew Kirkwood [mailto:[EMAIL PROTECTED]] > > > > > > > Sent: den 21 december 2000 16:49 > > > > > > > To: Oliver Elphick > > > > > > > Cc: [EMAIL PROTECTED] > > > > > > > Subject: Re: [HACKERS] SSL Connections > > > > > > > > > > > > > > > > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote: > > > > > > > > > > > > > > > To create a quick self-signed certificate, use the > > > CA.pl script > > > > > > > > included in OpenSSL: > > > > > > > > > > > > > > > > CA.pl -newcert > > > > > > > > > > > > > > Or you can do it manually: > > > > > > > > > > > > > > openssl req -new -text -out cert.req (you will > have to enter > > > > > > > a password) > > > > > > > mv privkey.pem cert.pem.pw > > > > > > > openssl rsa -in cert.pem.pw -out cert.pem (this removes > > > > > the password) > > > > > > > openssl req -x509 -in cert.req -text -key cert.pem > > > -out cert.cert > > > > > > > > > > > > > > Matthew. > > > > > > > > > > > > > > > > > > > > > > > [ Attachment, skipping... ] > > > > > > > > > > > > > > > -- > > > > > Bruce Momjian| http://candle.pha.pa.us > > > > [EMAIL PROTECTED] | (610) 853-3000 > > > > + If your life is a hard drive, | 830 Blythe Avenue > > > > + Christ can be your backup.| Drexel Hill, > > > > Pennsylvania 19026 > > > > > > > > > > > > > -- > > Bruce Momjian| http://candle.pha.pa.us > > [EMAIL PROTECTED] | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup.| Drexel Hill, > > Pennsylvania 19026 > > > -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup.| Drexel Hill, Pennsylvania 19026