NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit05c4ef6

committed

Note that sslmode=require verifies the CA if root cert is present

This mode still exists for backwards compatibility, makingsslmode=require the same as sslmode=verify-ca when the file is present,but not causing an error when it isn't.Per bug 6189, reported by Srinivas Aji

1 parent23f7df5 commit05c4ef6Copy full SHA for 05c4ef6

File tree

1 file changed

+15

-1

lines changed

doc/src/sgml
- libpq.sgml

1 file changed

+15

-1

lines changed

`‎doc/src/sgml/libpq.sgml`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -391,7 +391,9 @@ PGconn PQconnectdbParams(const char keywords, const char *values, int expand`
`391`	`391`
`392`	`392`	`<row>`
`393`	`393`	`<entry><literal>require</></entry>`
`394`		`- <entry>only try an <acronym>SSL</> connection</entry>`
	`394`	`+ <entry>only try an <acronym>SSL</> connection. If a root CA`
	`395`	`+ file is present, verify the certificate in the same way as`
	`396`	`+ if <literal>verify-ca</literal> was specified</entry>`
`395`	`397`	`</row>`
`396`	`398`
`397`	`399`	`<row>`
`@@ -6512,6 +6514,18 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)`
`6512`	`6514`	`the connection parameters <literal>sslrootcert</> and <literal>sslcrl</>`
`6513`	`6515`	`or the environment variables <envar>PGSSLROOTCERT</> and <envar>PGSSLCRL</>.`
`6514`	`6516`	`</para>`
	`6517`	`+`
	`6518`	`+ <note>`
	`6519`	`+ <para>`
	`6520`	`+ For backwards compatibility with earlier versions of PostgreSQL, if a`
	`6521`	`+ root CA file exists, the behavior of`
	`6522`	`+ <literal>sslmode</literal>=<literal>require</literal> will be the same`
	`6523`	`+ as that of <literal>verify-ca</literal>, meaning the sever certificate`
	`6524`	`+ is validated against the CA. Relying on this behavior is discouraged,`
	`6525`	`+ and applications that need certificate validation should always use`
	`6526`	`+ <literal>validate-ca</literal> or <literal>validate-full</literal>.`
	`6527`	`+ </para>`
	`6528`	`+ </note>`
`6515`	`6529`	`</sect2>`
`6516`	`6530`
`6517`	`6531`	`<sect2 id="libpq-ssl-clientcert">`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit05c4ef6

File tree

1 file changed

1 file changed

`‎doc/src/sgml/libpq.sgml`

0 commit comments