Documentation for wildcard certificates patch

author Magnus Hagander <magnus@hagander.net>

Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)

committer Magnus Hagander <magnus@hagander.net>

Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
author Magnus Hagander <magnus@hagander.net>
Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
committer Magnus Hagander <magnus@hagander.net>
Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml

index e1a1d5a1c58af7a03ae1e2d62f3cc64f1f12ea94..a9d0d98d04d3ce8164f26a41b78210824a3a1607 100644 (file)
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.271 2008/11/25 19:30:42 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.272 2008/12/02 12:42:11 mha Exp $ -->
  
  <chapter id="libpq">
   <title><application>libpq</application> - C Library</title>
@@ -283,6 +283,15 @@
             only if the certificate also has just the IP address in the
             <literal>cn</> field.
            </para>
+
+          <para>
+           If the <literal>cn</> attribute in the certificate sent by the
+           server starts with an asterisk (<literal>*</>), it will be treated
+           as a wildcard. This wildcard can only be present at the start of
+           the value, and will match all characters <emphasis>except</> a
+           dot (<literal>.</>). This means the certificate will not match
+           subdomains.
+          </para>
           </listitem>
          </varlistentry>
author	Magnus Hagander <magnus@hagander.net>
	Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
committer	Magnus Hagander <magnus@hagander.net>
	Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)