doc: Remove mentions of server-side CRL and CA file names

Commit a445cb92ef5b3a31313ebce30e18cc1d6e0bdecb removed the default file names for server-side CRL and CA files, but left them in the docs with a small note. This removes the note and the previous default names to clarify, as well as changes mentions of the file names to make it clearer that they are configurable. Author: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Michael Paquier <michael.paquier@gmail.com>
author: Peter Eisentraut <peter_e@gmx.net> 2017-09-01 14:18:45 -0400
committer: Peter Eisentraut <peter_e@gmx.net> 2017-09-01 14:18:45 -0400
commit: a0572203532560423c92066b90d13383720dce3a (patch)
tree: cdca25766552e34d8d11bd222bd77ed6b9a0f099 /doc/src
parent: b79d69b087561eb6687373031a5098b0694f9ec6 (diff)
4 files changed, 7 insertions, 15 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 2b6255ed95a..5f59a382f18 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -983,10 +983,6 @@ include_dir 'conf.d'
         The default is empty, meaning no CA file is loaded,
         and client certificate verification is not performed.
        </para>
-       <para>
-        In previous releases of PostgreSQL, the name of this file was
-        hard-coded as <filename>root.crt</filename>.
-       </para>
       </listitem>
      </varlistentry>
 
@@ -1022,10 +1018,6 @@ include_dir 'conf.d'
         file or on the server command line.
         The default is empty, meaning no CRL file is loaded.
        </para>
-       <para>
-        In previous releases of PostgreSQL, the name of this file was
-        hard-coded as <filename>root.crl</filename>.
-       </para>
       </listitem>
      </varlistentry>
 
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index f154b6b5faf..957096681a6 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -7638,8 +7638,8 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
    certificate of the signing authority to the <filename>postgresql.crt</>
    file, then its parent authority's certificate, and so on up to a certificate
    authority, <quote>root</> or <quote>intermediate</>, that is trusted by
-   the server, i.e. signed by a certificate in the server's
-   <filename>root.crt</filename> file.
+   the server, i.e. signed by a certificate in the server's root CA file
+   (<xref linkend="guc-ssl-ca-file">).
   </para>
 
   <para>
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 6d57525515e..088316cfb64 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2264,7 +2264,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
   <para>
    To require the client to supply a trusted certificate, place
    certificates of the certificate authorities (<acronym>CA</acronym>s)
-   you trust in the file <filename>root.crt</filename> in the data
+   you trust in a file named <filename>root.crt</filename> in the data
    directory, set the parameter <xref linkend="guc-ssl-ca-file"> in
    <filename>postgresql.conf</filename> to <literal>root.crt</literal>,
    and add the authentication option <literal>clientcert=1</literal> to the
@@ -2321,7 +2321,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
    <para>
     <xref linkend="ssl-file-usage"> summarizes the files that are
     relevant to the SSL setup on the server.  (The shown file names are default
-    or typical names.  The locally configured names could be different.)
+    names.  The locally configured names could be different.)
    </para>
 
   <table id="ssl-file-usage">
@@ -2351,14 +2351,14 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
      </row>
 
      <row>
-      <entry><xref linkend="guc-ssl-ca-file"> (<filename>$PGDATA/root.crt</>)</entry>
+      <entry><xref linkend="guc-ssl-ca-file"></entry>
       <entry>trusted certificate authorities</entry>
       <entry>checks that client certificate is
       signed by a trusted certificate authority</entry>
      </row>
 
      <row>
-      <entry><xref linkend="guc-ssl-crl-file"> (<filename>$PGDATA/root.crl</>)</entry>
+      <entry><xref linkend="guc-ssl-crl-file"></entry>
       <entry>certificates revoked by certificate authorities</entry>
       <entry>client certificate must not be on this list</entry>
      </row>
diff --git a/doc/src/sgml/sslinfo.sgml b/doc/src/sgml/sslinfo.sgml
index 7bda33efa32..1fd323a0b64 100644
--- a/doc/src/sgml/sslinfo.sgml
+++ b/doc/src/sgml/sslinfo.sgml
@@ -150,7 +150,7 @@
     </para>
     <para>
      This function is really useful only if you have more than one trusted CA
-     certificate in your server's <filename>root.crt</> file, or if this CA
+     certificate in your server's certificate authority file, or if this CA
      has issued some intermediate certificate authority certificates.
     </para>
     </listitem>
author	Peter Eisentraut <peter_e@gmx.net>	2017-09-01 14:18:45 -0400
committer	Peter Eisentraut <peter_e@gmx.net>	2017-09-01 14:18:45 -0400
commit	a0572203532560423c92066b90d13383720dce3a (patch)
tree	cdca25766552e34d8d11bd222bd77ed6b9a0f099 /doc/src
parent	b79d69b087561eb6687373031a5098b0694f9ec6 (diff)