Commit 804a1e86 authored by Christoph Berg's avatar Christoph Berg

pg_createcluster: If /etc/postgresql-common/root.crl is present, symlink

it (<= 9.1), or set ssl_crl_file (>= 9.2).
parent e2da41e3
......@@ -3,6 +3,8 @@ postgresql-common (141) UNRELEASED; urgency=low
* pg_createcluster: For 9.2 and higher, use the new ssl_ca_file
option instead of creating a root.crt symlink in the data directory.
(Related to the fix for #680162 below.)
* pg_createcluster: If /etc/postgresql-common/root.crl is present, symlink
it (<= 9.1), or set ssl_crl_file (>= 9.2).
-- Christoph Berg <myon@debian.org> Fri, 01 Feb 2013 10:51:05 +0100
......
......@@ -460,8 +460,9 @@ if ($newcluster && -e '/etc/ssl/certs/ssl-cert-snakeoil.pem' &&
PgCommon::set_conf_value $version, $cluster, 'postgresql.conf', 'ssl', 'true';
}
# create SSL client certificate root symlink if appropriate
# SSL client certificate CA
if ($newcluster && -e '/etc/postgresql-common/root.crt') {
# check if we have a cert in there or just the boilerplate installed by our postinst
open F, '/etc/postgresql-common/root.crt';
my $val;
read F, $val, 4096;
......@@ -475,6 +476,16 @@ if ($newcluster && -e '/etc/postgresql-common/root.crt') {
}
}
# SSL client certificate revocation list
if ($newcluster && -e '/etc/postgresql-common/root.crl') {
if ($version >= '9.2') {
PgCommon::set_conf_value $version, $cluster, 'postgresql.conf',
'ssl_crl_file', '/etc/postgresql-common/root.crl';
} else {
symlink '/etc/postgresql-common/root.crl', $datadir.'/root.crl';
}
}
# create default (empty) environment file
open ENV, ">$confdir/environment" or error "could not create environment file";
print ENV "# environment variables for postmaster process
......
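Review bot: The `symlink` call in the `else` branch (<= 9.1) ignores its return value, so if the link cannot be created the cluster is set up without a CRL and revoked client certificates continue to be accepted, with nothing reported to the admin. The `open ENV ... or error` line just below shows the file's convention for this; the same here would be `symlink '/etc/postgresql-common/root.crl', $datadir.'/root.crl' or error "could not create root.crl symlink: $!";`. Separately, the new block tests only `-e`, whereas the root.crt block above inspects the file for postinst boilerplate; if the package can also install a placeholder or empty root.crl (not visible on this page), a similar content check would be wanted before pointing `ssl_crl_file` at it. A short comment noting that the CRL is wired up only at cluster creation (`$newcluster`) would also help, since a root.crl added later is not picked up by existing clusters.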