This patch attempts to outline the supported level of SSL within libpq.

bmomjian · bmomjian · commit fa6fa8e54984 · 2004-09-23T13:31:09.000Z
I haven't mentioned any of
~/.postgresql/{root.crt,postgresql.crt,postresql.key} even though they
are checked for in the code, since they do not appear to be supported. I
base this on discussions in pgsql-hackers.

Dominic Mitchell
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.162 2004/08/19 16:39:13 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.163 2004/09/23 13:31:09 momjian Exp $
 -->
 
  <chapter id="libpq">
@@ -240,6 +240,15 @@ PGconn *PQconnectdb(const char *conninfo);
        connection.<indexterm><primary>SSL</><secondary
        sortas="libpq">with libpq</></indexterm>
       </para>
+
+      <para>
+       Please note that <acronym>SSL</> support in libpq covers
+       encryption only.  It will not verify the validity of the
+       certificate presented by the server that you are connecting to,
+       nor verify that the hostname matches that of the server's
+       certificate.  Additionally, there is no support for client
+       certificates.
+      </para>
      </listitem>
     </varlistentry>
 
