Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11
Yi Sun <yinan81@gmail.com>
From: Yi Sun <yinan81@gmail.com>
To: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
Cc: pgsql-general@postgresql.org
Date: 2021-12-02T03:31:26Z
Lists: pgsql-general
Hi Kyotaro From the description, seems ~/.postgresql/root.crl is store client revoked certificate https://www.postgresql.org/docs/11/libpq-ssl.html ~/.postgresql/root.crl certificates revoked by certificate authorities server certificate must not be on this list Just don't know why server parameter ssl_crl_file parameter configured but don't take affect https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE ssl_crl_file (string) Specifies the name of the file containing the SSL server certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the postgresql.conf file or on the server command line. The default is empty, meaning no CRL file is loaded.
Commits
-
Doc: Fix misleading wording of CRL parameters
- fadac33bb8de 15.0 landed
- e2ebc90eb809 13.6 landed
- b6360aa46ce9 14.2 landed
- 7d0229e89f4f 10.20 landed
- 7b0643c77b46 11.15 landed
- 386d97781d17 12.10 landed