Commit e2da41e3 authored by Christoph Berg's avatar Christoph Berg

pg_createcluster: For 9.2 and higher, use the new ssl_ca_file

option instead of creating a root.crt symlink in the data directory.
(Related to the fix for #680162 below.)
parent f72cf490
postgresql-common (141) UNRELEASED; urgency=low
* pg_createcluster: For 9.2 and higher, use the new ssl_ca_file
option instead of creating a root.crt symlink in the data directory.
(Related to the fix for #680162 below.)
-- Christoph Berg <myon@debian.org> Fri, 01 Feb 2013 10:51:05 +0100
postgresql-common (140) experimental; urgency=low
[ Martin Pitt ]
......
......@@ -45,16 +45,15 @@ Please fix this and reinstall this package." >&2
cat > "$SSL_ROOT" <<EOF
This is a dummy root certificate file for PostgreSQL. To enable client side
authentication, add some certificates to it. Client certificates must be signed
with any certificate in this file to be accepted.
with any certificate in this file to be accepted.
A reasonable choice is to just symlink this file to
/etc/ssl/certs/ssl-cert-snakeoil.pem; in this case, client certificates need to
be signed by the postgresql server certificate, which might be desirable in
many cases. See
many cases. See chapter "Server Setup and Operation" in the PostgreSQL
documentation for details (in package postgresql-doc-9.2).
file:///usr/share/doc/postgresql-doc-8.3/html/ssl-tcp.html
for details (in package postgresql-doc-8.3).
file:///usr/share/doc/postgresql-doc-9.2/html/ssl-tcp.html
EOF
fi
......
......@@ -466,14 +466,19 @@ if ($newcluster && -e '/etc/postgresql-common/root.crt') {
my $val;
read F, $val, 4096;
if ($val =~ /^-----BEGIN CERTIFICATE-----/m) {
symlink '/etc/postgresql-common/root.crt', $datadir.'/root.crt';
if ($version >= '9.2') {
PgCommon::set_conf_value $version, $cluster, 'postgresql.conf',
'ssl_ca_file', '/etc/postgresql-common/root.crt';
} else {
symlink '/etc/postgresql-common/root.crt', $datadir.'/root.crt';
}
}
}
# create default (empty) environment file
open ENV, ">$confdir/environment" or error "could not create environment file";
print ENV "# environment variables for postmaster process
# This file has the same syntax as postgresql.conf:
# This file has the same syntax as postgresql.conf:
# VARIABLE = simple_value
# VARIABLE2 = 'any value!'
# I. e. you need to enclose any value which does not only consist of letters,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment