author Bruce Momjian <bruce@momjian.us> 2004-09-23 13:16:02 +0000
committer Bruce Momjian <bruce@momjian.us> 2004-09-23 13:16:02 +0000
commit 31ae87c33296215681f4bd4e1db5ec9e591ab947 (patch)
tree 7b62b95ff2ea369f7465e13a4801c6832e6f475b /doc/src
parent 505d9be3e66362ab52cadc5f9236a56cc4725ed0 (diff)
This patch attempts to note the use of the root.crt file in the server.
Given that PostgreSQL will output a message complaining about its absence if you're using SSL mode, I feel it's important that it gets a mention in the documentation at some point. Dominic Mitchell
Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/sgml/runtime.sgml 20
1 files changed, 19 insertions, 1 deletions
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 831bd1accec..ff437bad35a 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.282 2004/09/22 03:55:24 neilc Exp $
+$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.283 2004/09/23 13:15:57 momjian Exp $
-->
<Chapter Id="runtime">
@@ -4358,6 +4358,24 @@ chmod og-rwx server.key
to turn the certificate into a self-signed certificate and to copy the
key and certificate to where the server will look for them.
</para>
+
+ <para>
+ If verification of client certificates is required, place the
+ certificates of the <acronym>CA</acronym> you wish to check for in
+ the file <filename>root.crt</filename> in the data directory. When
+ present, a client certificate will be requested from the client
+ making the connection and it must have been signed by one of the
+ certificates present in <filename>root.crt</filename>. If no
+ certificate is presented, the connection will be allowed to proceed
+ anway.
+ </para>
+
+ <para>
+ The <filename>root.crt</filename> file is always checked for, and
+ its absence will be noted through a message in the log. This is
+ merely an informative message that client certificates will not be
+ requested.
+ </para>
</sect1>
<sect1 id="ssh-tunnels">
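Review bot: In the first added paragraph, the opening "If verification of client certificates is required" reads as though root.crt makes client certificates mandatory, yet the closing sentence says a connection that presents no certificate is allowed to proceed. I would state up front that the file only causes a presented certificate to be checked against the listed CA certificates and does not by itself reject clients that present none, so nobody treats it as an authentication control. In the same paragraph "anway" should be "anyway", and "the certificates of the CA you wish to check for" would read better as "the certificates of the CAs you wish to trust". In the second paragraph, "always checked for" could say when the check happens (the commit message mentions SSL mode), so an administrator who sees the log message knows whether it applies to their setup.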