From d534456b126e612bf8fd5a11aa5b302fedfd3f46 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Tue, 2 Dec 2008 12:42:11 +0000
Subject: [PATCH] Documentation for wildcard certificates patch

---
 doc/src/sgml/libpq.sgml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index cebeb04672..b1cf7a1b5f 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -283,6 +283,15 @@
            only if the certificate also has just the IP address in the
            <literal>cn</> field.
           </para>
+
+          <para>
+           If the <literal>cn</> attribute in the certificate sent by the
+           server starts with an asterisk (<literal>*</>), it will be treated
+           as a wildcard. This wildcard can only be present at the start of
+           the value, and will match all characters <emphasis>except</> a
+           dot (<literal>.</>). This means the certificate will not match
+           subdomains.
+          </para>
          </listitem>
         </varlistentry>
 
-- 
2.39.5