This patch attempts to outline the supported level of SSL within libpq.
I haven't mentioned any of
~/.postgresql/{root.crt,postgresql.crt,postresql.key} even though they
are checked for in the code, since they do not appear to be supported.
I base this on discussions in pgsql-hackers.

Index: doc/src/sgml/libpq.sgml
RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/libpq.sgml,v
retrieving revision 1.162
diff -u -r1.162 libpq.sgml
--- doc/src/sgml/libpq.sgml     19 Aug 2004 16:39:13 -0000      1.162
+++ doc/src/sgml/libpq.sgml     22 Sep 2004 21:56:14 -0000
@@ -240,6 +240,15 @@
        sortas="libpq">with libpq</></indexterm>
+      <para>
+       Please note that <acronym>SSL</> support in libpq covers
+       encryption only.  It will not verify the validity of the
+       certificate presented by the server that you are connecting to,
+       nor verify that the hostname matches that of the server's
+       certificate.  Additionally, there is no support for client
+       certificates.
+      </para>
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to