Document use of Subject Alternative Names in SSL server certificates. · home201448/postgres@3ac806c · GitHub

Commit 3ac806c

Document use of Subject Alternative Names in SSL server certificates.
Commit acd08d7 did not bother with updating the documentation.
1 parent ddd7813 commit 3ac806c

1 file changed

+6
-4
lines changed

doc/src/sgml/libpq.sgml

Lines changed: 6 additions & 4 deletions
@@ -7252,10 +7252,12 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
72527252
</para>
72537253

72547254
<para>
7255-
In <literal>verify-full</> mode, the <literal>cn</> (Common Name) attribute
7256-
of the certificate is matched against the host name. If the <literal>cn</>
7257-
attribute starts with an asterisk (<literal>*</>), it will be treated as
7258-
a wildcard, and will match all characters <emphasis>except</> a dot
7255+
In <literal>verify-full</> mode, the host name is matched against the
7256+
certificate's Subject Alternative Name attribute(s), or against the
7257+
Common Name attribute if no Subject Alternative Name of type dNSName is
7258+
present. If the certificate's name attribute starts with an asterisk
7259+
(<literal>*</>), the asterisk will be treated as
7260+
a wildcard, which will match all characters <emphasis>except</> a dot
72597261
(<literal>.</>). This means the certificate will not match subdomains.
72607262
If the connection is made using an IP address instead of a host name, the
72617263
IP address will be matched (without doing any DNS lookups).
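
Review bot: The unchanged closing sentence ("the IP address will be matched") no longer says what the address is matched against, now that the preceding text distinguishes Subject Alternative Name entries of type dNSName from the Common Name. State explicitly which certificate field an IP address is compared with, so that administrators issuing certificates for servers reached by IP address know which field to populate. Separately, "the certificate's name attribute" in the wildcard sentence is ambiguous between the two name sources; wording such as "If a name in the certificate starts with an asterisk" would make clear that the wildcard rule applies to both Subject Alternative Name entries and the Common Name.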
