Doc: Fix misleading wording of CRL parameters

danielgustafsson · danielgustafsson · commit 7b0643c77b46 · 2021-12-03T14:15:50.000+01:00
ssl_crl_file and ssl_crl_dir are both used to for client certificate revocation, not server certificates. The description for the params could be easily misread to mean the opposite however, as evidenced by the bugreport leading to this fix. Similarly, expand sslcrl and and sslcrldir to explicitly mention server certificates. While there also mention sslcrldir where previously only sslcrl was discussed. Backpatch down to v10, with the CRL dir fixes down to 14 where they were introduced. Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com> Reviewed-by: Peter Eisentraut <peter.eisentraut@enterprisedb.com> Discussion: https://postgr.es/m/20211202.135441.590555657708629486.horikyota.ntt@gmail.com Discussion: https://postgr.es/m/CABWY_HCBUCjY1EJHrEGePGEaSZ5b29apgTohCyygtsqe_ySYng@mail.gmail.com Backpatch-through: 10
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
@@ -1143,7 +1143,7 @@ include_dir 'conf.d'
       </term>
       <listitem>
        <para>
-        Specifies the name of the file containing the SSL server certificate
+        Specifies the name of the file containing the SSL client certificate
         revocation list (CRL).
         Relative paths are relative to the data directory.
         This parameter can only be set in the <filename>postgresql.conf</filename>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
@@ -1519,7 +1519,7 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
       <term><literal>sslcrl</literal></term>
       <listitem>
        <para>
-        This parameter specifies the file name of the SSL certificate
+        This parameter specifies the file name of the SSL server certificate
         revocation list (CRL).  Certificates listed in this file, if it
         exists, will be rejected while attempting to authenticate the
         server's certificate.  The default is
