[Pgpool-hackers] [PATCH 2/3] Add (English) documentation on new SSL configuration options.

Sean Finney sean at stickybit.se
Wed Jan 27 16:44:42 UTC 2010


---
 doc/pgpool-en.html |   58 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/doc/pgpool-en.html b/doc/pgpool-en.html
index a9e0179..f3b8d2f 100644
--- a/doc/pgpool-en.html
+++ b/doc/pgpool-en.html
@@ -118,8 +118,10 @@ Also packages are provided for various platforms including CentOS, RedHat Enterp
 </p>
 
 <p>Installing pgpool-II from source code requires gcc 2.9 or higher, and GNU
-make. Also, pgpool-II links libpq library, so it must be installed on
-a machine used to build pgpool-II.</p>
+make. Also, pgpool-II links libpq library, so the libpq library and development
+headers must be installed on a machine used to build pgpool-II.  Additionally
+the OpenSSL library and development headers must be present in order to
+enable OpenSSL support in pgpool-II</p>
 
 <dl>
 <dt>configure</dt>
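Review bot: The added sentence ending "enable OpenSSL support in pgpool-II</p>" is missing its closing period, and it does not tell the reader that having the OpenSSL headers present is not enough on its own. The next hunk documents that OpenSSL support is disabled by default, so I suggest ending the sentence with something like "in order to build pgpool-II with the <code>--with-openssl</code> configure option." so that the requirement and the switch are read together. While touching this paragraph, "links libpq library" would read better as "links against the libpq library".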
@@ -140,6 +142,9 @@ directory. Default value is <code>/usr/local</code></li>
   <li><code>--with-pgsql=path</code><br/>
       Top directory where PostgreSQL's client libraries are
 installed. Default value is obtained by <code>pg_config</code></li>
+  <li><code>--with-openssl</code><br/>
+      pgpool-II binaries will be built with OpenSSL support.  The default
+      is that OpenSSL support is disabled.</li>
 </ul>
 </p>
 </dd>
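Review bot: The <code>--with-openssl</code> entry does not say whether the option accepts a path, unlike <code>--with-pgsql=path</code> directly above it, nor what configure does when the OpenSSL headers are missing. Please state both. A pointer to the <code>ssl</code> directive would also help here, because building with OpenSSL support does not by itself turn SSL on (the <code>ssl</code> entry later in this patch says the default is off).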
@@ -670,9 +675,58 @@ You need to reload pgpool.conf if you change the value.
       </p>
   </dd>
 
+  <dt>ssl</dt>
+  <dd>
+      <p>
+      If true, enable SSL support for both the frontend and backend
+      connections.  Note that <code>ssl_key</code> and <code>ssl_cert</code>
+      must also be set in order for SSL to work in the frontend connections.
+      </p>
+
+      <p>
+      The default is that SSL is off.  Note that OpenSSL support must also
+      have been configured at compilation time, as mentioned in the
+      <a href="#install">installation</a> section.
+      </p>
+
+      <p>
+      The pgpool-II daemon must be restarted when updating SSL related settings.
+      </p>
+  </dd>
+
+  <dt>ssl_key</dt>
+  <dd>
+      <p>
+      The path to the private key file to use for incoming frontend connections.
+      </p>
 
+      <p>
+      There is no default value for this option, and if left unset SSL will
+      be disabled for incoming frontend connections.
+      </p>
+  </dd>
+
+  <dt>ssl_cert</dt>
+  <dd>
+      <p>
+      The path to the public x509 certificate file to use for incoming 
+      frontend connections.
+      </p>
+
+      <p>
+      There is no default value for this option, and if left unset SSL will
+      be disabled for incoming frontend connections.
+      </p>
+  </dd>
 </dl>
 
+<h4>Generating SSL certificates</h4>
+
+Certificate handling is outside the scope of this document.  The
+<a href="http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html">
+Secure TCP/IP Connections with SSL</a> page at postgresql.org has pointers
+with sample commands for how to generate self-signed certificates.
+
 <h4><p>Failover in the raw Mode</p></h4>
 
 <p>Failover can be performed in the raw mode if multiple servers are
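Review bot: In the <code>ssl</code> entry, "enable SSL support for both the frontend and backend connections" does not say whether SSL is then required or only offered, nor whether the backend's certificate is verified. Combined with the <code>ssl_key</code> and <code>ssl_cert</code> entries, which say that an unset value disables SSL for incoming frontend connections, a reader can set <code>ssl</code> to true and still serve clients in clear text without realising it. Please document what happens to a client that does not negotiate SSL, whether pgpool-II logs anything when <code>ssl</code> is true but the key or certificate is unset, and what verification (if any) is done on the backend side. The <code>ssl_key</code> entry should also say what ownership and permissions the private key file needs. Smaller points: the text under "Generating SSL certificates" is not wrapped in <code>&lt;p&gt;</code> like the rest of the document, and "x509" is normally written "X.509".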
-- 
1.6.6


