Обсуждение: RE: [PATCHES] RE: SSL Connections [doc PATCH]

That would probably be good, yes :-)

You shuold then change:
mv privkey.pem cert.pem.pw
openssl rsa -in cert.pem.pw -out cert.pem

to
openssl rsa -in privkey.pem -out cert.pem

(Sorry, don't have access to the SGML source now, so I can't give you a
patch)

//Magnus

> -----Original Message-----
> From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> Sent: den 24 januari 2001 16:03
> To: Magnus Hagander
> Cc: PostgreSQL-development; PostgreSQL-documentation
> Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH]
>
>
>
> But shouldn't we remove it to make it clearer?
>
> > Needs fixing - no. The current version *works*.
> > The fix would remove one unnecessary step from it, but it
> still *works* in
> > it's current state.
> >
> > Sorry about this - I've missed looking at it.
> >
> > //Magnus
> >
> > > -----Original Message-----
> > > From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> > > Sent: den 24 januari 2001 15:47
> > > To: Magnus Hagander
> > > Cc: PostgreSQL-development; PostgreSQL-documentation
> > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH]
> > >
> > >
> > >
> > > Again, is this something that needs fixing?  Just a YES
> or NO is all I
> > > need.
> > >
> > >
> > >
> > > > It looks Ok, but it has one unnecessary step. There is no
> > > need to do the "mv
> > > > privkey.pem cert.pem.pw" if you just use "privkey.pem" in
> > > the following
> > > > openssl command (e.g. openssl rsa -in privkey.pem -out
> cert.pem".
> > > > But there is nothing wrong with it as it is now, as far as
> > > I can see.
> > > >
> > > >
> > > > //Magnus
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> > > > > Sent: den 21 december 2000 20:15
> > > > > To: Magnus Hagander
> > > > > Cc: 'Matthew Kirkwood'; 'pgsql-patches@postgresql.org'
> > > > > Subject: Re: [PATCHES] RE: SSL Connections [doc PATCH]
> > > > >
> > > > >
> > > > > I have applied an earlier patch to this file for SSL.
> > > Could you check
> > > > > the current tree and see how you like it?
> > > > >
> > > > >
> > > > > > Thanks for that one!
> > > > > >
> > > > > > Here is a patch to update the documentation based on this -
> > > > > this should make
> > > > > > it less dependant on the version of OpenSSL used.
> > > > > >
> > > > > > //Magnus
> > > > > >
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Matthew Kirkwood [mailto:matthew@hairy.beasts.org]
> > > > > > > Sent: den 21 december 2000 16:49
> > > > > > > To: Oliver Elphick
> > > > > > > Cc: pgsql-hackers@postgresql.org
> > > > > > > Subject: Re: [HACKERS] SSL Connections
> > > > > > >
> > > > > > >
> > > > > > > On Wed, 20 Dec 2000, Oliver Elphick wrote:
> > > > > > >
> > > > > > > > To create a quick self-signed certificate, use the
> > > CA.pl script
> > > > > > > > included in OpenSSL:
> > > > > > > >
> > > > > > > > CA.pl -newcert
> > > > > > >
> > > > > > > Or you can do it manually:
> > > > > > >
> > > > > > > openssl req -new -text -out cert.req (you will
> have to enter
> > > > > > > a password)
> > > > > > > mv privkey.pem cert.pem.pw
> > > > > > > openssl rsa -in cert.pem.pw -out cert.pem  (this removes
> > > > > the password)
> > > > > > > openssl req -x509 -in cert.req -text -key cert.pem
> > > -out cert.cert
> > > > > > >
> > > > > > > Matthew.
> > > > > > >
> > > > > >
> > > > >
> > > > > [ Attachment, skipping... ]
> > > > >
> > > > >
> > > > > --
> > > > >   Bruce Momjian                        |
http://candle.pha.pa.us
> > > >   pgman@candle.pha.pa.us               |  (610) 853-3000
> > > >   +  If your life is a hard drive,     |  830 Blythe Avenue
> > > >   +  Christ can be your backup.        |  Drexel Hill,
> > > > Pennsylvania 19026
> > > >
> > >
> >
> >
> > --
> >   Bruce Momjian                        |  http://candle.pha.pa.us
> >   pgman@candle.pha.pa.us               |  (610) 853-3000
> >   +  If your life is a hard drive,     |  830 Blythe Avenue
> >   +  Christ can be your backup.        |  Drexel Hill,
> > Pennsylvania 19026
> >
>


--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

> That would probably be good, yes :-)
>
> You shuold then change:
> mv privkey.pem cert.pem.pw
> openssl rsa -in cert.pem.pw -out cert.pem
>
> to
> openssl rsa -in privkey.pem -out cert.pem
>
> (Sorry, don't have access to the SGML source now, so I can't give you a
> patch)

OK, the SGML diff is:

---------------------------------------------------------------------------

Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/doc/src/sgml/runtime.sgml,v
retrieving revision 1.46
diff -c -r1.46 runtime.sgml
*** doc/src/sgml/runtime.sgml    2001/01/08 21:01:54    1.46
--- doc/src/sgml/runtime.sgml    2001/01/24 15:17:09
***************
*** 1911,1918 ****
     To remove the passphrase (as you must if you want automatic start-up of
     the postmaster), run the commands
  <programlisting>
! mv privkey.pem cert.pem.pw
! openssl rsa -in cert.pem.pw -out cert.pem
  </programlisting>
     Enter the old passphrase to unlock the existing key. Now do
  <programlisting>
--- 1911,1917 ----
     To remove the passphrase (as you must if you want automatic start-up of
     the postmaster), run the commands
  <programlisting>
! openssl rsa -in privkey.pem -out cert.pem
  </programlisting>
     Enter the old passphrase to unlock the existing key. Now do
  <programlisting>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026