Documentation for wildcard certificates patch

2008-12-02 12:42:11 +00:00 · 2008-12-02 12:42:11 +00:00 · b0729b8d4e
commit b0729b8d4e
parent b64d966deb
1 changed files with 10 additions and 1 deletions
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.271 2008/11/25 19:30:42 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.272 2008/12/02 12:42:11 mha Exp $ -->

 <chapter id="libpq">
 <title><application>libpq</application> - C Library</title>
@ -283,6 +283,15 @@
           only if the certificate also has just the IP address in the
           <literal>cn</> field.
          </para>
+
+          <para>
+           If the <literal>cn</> attribute in the certificate sent by the
+           server starts with an asterisk (<literal>*</>), it will be treated
+           as a wildcard. This wildcard can only be present at the start of
+           the value, and will match all characters <emphasis>except</> a
+           dot (<literal>.</>). This means the certificate will not match
+           subdomains.
+          </para>
         </listitem>
        </varlistentry>