This patch attempts to outline the supported level of SSL within libpq.
I haven't mentioned any of
~/.postgresql/{root.crt,postgresql.crt,postgresql.key} even though they
are checked for in the code, since they do not appear to be supported.
I base this on discussions in pgsql-hackers.

-Dom
Index: doc/src/sgml/libpq.sgml
===================================================================
RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/libpq.sgml,v
retrieving revision 1.162
diff -u -r1.162 libpq.sgml
--- doc/src/sgml/libpq.sgml     19 Aug 2004 16:39:13 -0000      1.162
+++ doc/src/sgml/libpq.sgml     22 Sep 2004 21:56:14 -0000
@@ -240,6 +240,15 @@
        connection.<indexterm><primary>SSL</><secondary
        sortas="libpq">with libpq</></indexterm>
       </para>
+
+      <para>
+       Please note that <acronym>SSL</> support in libpq covers
+       encryption only.  It will not verify the validity of the
+       certificate presented by the server that you are connecting to,
+       nor verify that the hostname matches that of the server's
+       certificate.  Additionally, there is no support for client
+       certificates.
+      </para>
      </listitem>
     </varlistentry>
 
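Review bot: the added paragraph says what is not verified but not what follows from it. In the sentence beginning "It will not verify the validity of the certificate", consider adding that without certificate and hostname checks the connection is protected against passive eavesdropping only, and the client cannot rely on SSL to confirm it is talking to the intended server. Separately, the cover note says the ~/.postgresql files are still checked for in the code, so "there is no support for client certificates" may be clearer as a statement that client certificates are not a supported feature, so a reader who sees those files being read is not misled. As a style point, "Please note that" can be dropped.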