This patch attempts to outline the supported level of SSL within libpq.

I haven't mentioned any of
~/.postgresql/{root.crt,postgresql.crt,postresql.key} even though they
are checked for in the code, since they do not appear to be supported. I
base this on discussions in pgsql-hackers.

Dominic Mitchell

diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 3b340364b5e66393bc382d19143b4034880a5422..e39302e178c036d32260e924b0c8a72390593a88 100644 (file)
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.162 2004/08/19 16:39:13 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.163 2004/09/23 13:31:09 momjian Exp $
 -->
 
  <chapter id="libpq">
@@ -240,6 +240,15 @@ PGconn *PQconnectdb(const char *conninfo);
        connection.<indexterm><primary>SSL</><secondary
        sortas="libpq">with libpq</></indexterm>
       </para>
+
+      <para>
+       Please note that <acronym>SSL</> support in libpq covers
+       encryption only.  It will not verify the validity of the
+       certificate presented by the server that you are connecting to,
+       nor verify that the hostname matches that of the server's
+       certificate.  Additionally, there is no support for client
+       certificates.
+      </para>
      </listitem>
     </varlistentry>