Thanks for committing this!

At Thu, 18 Feb 2021 08:24:23 +0100, Peter Eisentraut <peter.eisentr...@enterprisedb.com> wrote in
> On 2021-02-17 05:05, Kyotaro Horiguchi wrote:
> > The commit fe61df7f82 shot down this.
> > This patch allows a new GUC ssl_crl_dir and a new libpq connection
> > option sslcrldir to specify a CRL directory, which stores multiple files
> > that contain one CRL. With that method the server loads only CRLs for the
> > CA of the certificate being validated.
> > Along with rebasing, the documentation is slightly reworded.
>
> Committed this.
>
> I changed the documentation a bit. Instead of having a separate
> section describing the CRL options, I put that information directly
> into the libpq and GUC sections. Some of the information, such as
> that the directory files are loaded on demand, isn't so obviously
> useful in the libpq case, so I found that a bit confusing. Also, I

Agreed.

> got the impression that the hashed directory format is sort of
> internal to OpenSSL, and there are several versions of that format, so
> I didn't want to copy over the description of these internals.
> Instead, I referred to the openssl rehash/c_rehash commands for
> information. If we get support for non-OpenSSL providers, we'll
> probably have to revisit this.

Thanks. I'm fine with that, too.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center