Documentation for wildcard certificates patch

author Magnus Hagander <magnus@hagander.net>

Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)

committer Magnus Hagander <magnus@hagander.net>

Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
author Magnus Hagander <magnus@hagander.net>
Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
committer Magnus Hagander <magnus@hagander.net>
Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml

index cebeb0467244762f303abfd52b2f944aca1e200a..b1cf7a1b5f645cdb1d0408542408dbb7d100e21e 100644 (file)
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -283,6 +283,15 @@
             only if the certificate also has just the IP address in the
             <literal>cn</> field.
            </para>
+
+          <para>
+           If the <literal>cn</> attribute in the certificate sent by the
+           server starts with an asterisk (<literal>*</>), it will be treated
+           as a wildcard. This wildcard can only be present at the start of
+           the value, and will match all characters <emphasis>except</> a
+           dot (<literal>.</>). This means the certificate will not match
+           subdomains.
+          </para>
           </listitem>
          </varlistentry>
author	Magnus Hagander <magnus@hagander.net>
	Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)
committer	Magnus Hagander <magnus@hagander.net>
	Tue, 2 Dec 2008 12:42:11 +0000 (12:42 +0000)