This patch attempts to outline the supported level of SSL within libpq. I haven't mentioned any of ~/.postgresql/{root.crt,postgresql.crt,postgresql.key} even though they are checked for in the code, since they do not appear to be supported. I base this on discussions in pgsql-hackers.
-Dom
Index: doc/src/sgml/libpq.sgml =================================================================== RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/libpq.sgml,v retrieving revision 1.162 diff -u -r1.162 libpq.sgml --- doc/src/sgml/libpq.sgml 19 Aug 2004 16:39:13 -0000 1.162 +++ doc/src/sgml/libpq.sgml 22 Sep 2004 21:56:14 -0000 @@ -240,6 +240,15 @@ connection.<indexterm><primary>SSL</><secondary sortas="libpq">with libpq</></indexterm> </para> + + <para> + Please note that <acronym>SSL</> support in libpq covers + encryption only. It will not verify the validity of the + certificate presented by the server that you are connecting to, + nor verify that the hostname matches that of the server's + certificate. Additionally, there is no support for client + certificates. + </para> </listitem> </varlistentry>
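Review bot: The new paragraph states that SSL "covers encryption only" but leaves the consequence implicit, and a reader may still assume the link is safe against interception. Since the text says neither the server certificate nor the hostname is verified, it should add a sentence saying that the connection is protected against passive eavesdropping only and that the client cannot tell whether it is talking to the intended server. Separately, the closing sentence "there is no support for client certificates" sits oddly with the cover note, which says the code does check for files under ~/.postgresql; consider wording it as "client certificates are not supported" and noting that those files should not be relied upon, so that a user who finds them in the source is not misled. "Please note that" can be dropped, or the paragraph wrapped in a note element if the surrounding document uses one for caveats of this kind.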