Fix markup, spelling, grammar, and explanations for SSLKEY patch.

5ce7599b · Tom Lane · 7f1d68a4 · 5ce7599b · 5ce7599b · 5ce7599b
Commit 5ce7599b authored Feb 16, 2007 by Tom Lane
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 34 deletions

doc/src/sgml/config.sgml doc/src/sgml/config.sgml +5 -5

doc/src/sgml/libpq.sgml doc/src/sgml/libpq.sgml +18 -18

doc/src/sgml/runtime.sgml doc/src/sgml/runtime.sgml +8 -11

No files found.
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
-<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.111 2007/02/16 02:59:40 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.112 2007/02/16 16:37:29 tgl Exp $ -->

 <chapter Id="runtime-config">
  <title>Server Configuration</title>
@@ -569,15 +569,15 @@ SET ENABLE_SEQSCAN TO OFF;
      </listitem>
     </varlistentry>

-     <varlistentry id="guc-ssl-ciphers" xreflabel="ssl-ciphers">
-      <term><varname>ssl_ciphers> (<type>string</type>)</term>
+     <varlistentry id="guc-ssl-ciphers" xreflabel="ssl_ciphers">
+      <term><varname>ssl_ciphers</varname> (<type>string</type>)</term>
      <indexterm>
       <primary><varname>ssl_ciphers</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
-        Specifies a list of <acronym>SSL</> ciphers which can be used to
-        establish secure connections. See the <application>openssl</>
+        Specifies a list of <acronym>SSL</> ciphers that are allowed to be
+        used on secure connections. See the <application>openssl</>
        manual page for a list of supported ciphers.
       </para>
      </listitem>

--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.230 2007/02/16 03:50:29 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.231 2007/02/16 16:37:29 tgl Exp $ -->

 <chapter id="libpq">
  <title><application>libpq</application> - C Library</title>
@@ -4178,10 +4178,11 @@ setting, and is only available if
 <primary><envar>PGSSLKEY</envar></primary>
 </indexterm>
 <envar>PGSSLKEY</envar>
-specifies the hardware token which stores the secret key for the client
-certificate, instead of a file. The value of this variable should consist
+specifies the hardware token that stores the secret key for the client
+certificate. The value of this variable should consist
 of a colon-separated engine name (engines are <productname>OpenSSL</>
-loadable modules) and an engine-specific key identifier.
+loadable modules) and an engine-specific key identifier.  If this is not
+set, the secret key must be kept in a file.
 </para>
 </listitem>
 <listitem>
@@ -4450,30 +4451,29 @@ ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)
   for increased security. See <xref linkend="ssl-tcp"> for details
   about the server-side <acronym>SSL</> functionality.
  </para>
+
  <para>
-  <application>libpq</application> reads the system-wide
-  <productname>OpenSSL</productname> configuration file. By default, this
-  file is named <filename>openssl.cnf</filename> and is located in the
-  directory reported by <application>openssl</>:
-  <programlisting>
-  openssl version -d
-  </programlisting>
-  The default can be overriden by setting environment variable
-  <envar>OPENSSL_CONF</envar> to the name of the desired configuration
-  file.
+   <application>libpq</application> reads the system-wide
+   <productname>OpenSSL</productname> configuration file. By default, this
+   file is named <filename>openssl.cnf</filename> and is located in the
+   directory reported by <literal>openssl version -d</>.
+   This default can be overridden by setting environment variable
+   <envar>OPENSSL_CONF</envar> to the name of the desired configuration
+   file.
  </para>
+
  <para>
   If the server demands a client certificate, 
   <application>libpq</application>
   will send the certificate stored in file
   <filename>~/.postgresql/postgresql.crt</> within the user's home directory.
   A matching private key file <filename>~/.postgresql/postgresql.key</>
-   must also be present, and must not be world-readable, unless the secret
-   key is stored in a hardware token, as specified by
-   <envar>PGSSLKEY</envar>.
+   must also be present, unless the secret key for the certificate is stored
+   in a hardware token, as specified by <envar>PGSSLKEY</envar>.
   (On Microsoft Windows these files are named
   <filename>%APPDATA%\postgresql\postgresql.crt</filename> and
   <filename>%APPDATA%\postgresql\postgresql.key</filename>.)
+   The private key file must not be world-readable.
  </para>

  <para>
@@ -4481,7 +4481,7 @@ ldap://ldap.mycompany.com/dc=mycompany,dc=com?uniqueMember?one?(cn=mydatabase)
   should consist of a colon-separated engine name and key identifier. In
   this case, <application>libpq</application> will load the specified
   engine, i.e. the <productname>OpenSSL</> module which supports special
-   hardware and reference the key with the specified identifier.
+   hardware, and reference the key with the specified identifier.
   Identifiers are engine-specific. Typically, cryptography hardware tokens
   do not reveal secret keys to the application. Instead, applications
   delegate all cryptography operations which require the secret key to

--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
-<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.377 2007/02/16 02:59:40 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.378 2007/02/16 16:37:29 tgl Exp $ -->

 <chapter Id="runtime">
 <title>Operating System Environment</title>
@@ -1518,20 +1518,17 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput
  <para>
   <productname>OpenSSL</productname> supports a wide range of ciphers
   and authentication algorithms, whose strength varies significantly.
-   You can restrict the list of ciphers which can be used to connect to
-   your server using the <xref linkend="guc-ssl-ciphers"> parameter.
+   You can restrict the list of ciphers that can be used to connect to
+   your server by adjusting the <xref linkend="guc-ssl-ciphers"> parameter.
  </para>

  <para>
-   <productname>PostgreSQL</productname> reads a system-wide
-   <productname>OpenSSL</productname> configuration file. By default this
+   <productname>PostgreSQL</productname> reads the system-wide
+   <productname>OpenSSL</productname> configuration file. By default, this
   file is named <filename>openssl.cnf</filename> and is located in the
-   directory reported by <application>openssl</>:
-   <programlisting>
-   openssl version -d
-   </programlisting>
-   This default can be overriden by setting environment variable
-   <envar>OPENSSL_CONF</envar> to the name of desired configuration file.
+   directory reported by <literal>openssl version -d</>.
+   This default can be overridden by setting environment variable
+   <envar>OPENSSL_CONF</envar> to the name of the desired configuration file.
  </para>

  <para>