Document use of Subject Alternative Names in SSL server certificates.

Commit acd08d764 did not bother with updating the documentation.

diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 79047b376113374f42717074d1f610291405152b..9e21e3d6fd35e7252e25f3d7b437bc31d6bbfcd9 100644 (file)
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -7252,10 +7252,12 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
   
 
   
-   In verify-full mode, the cn (Common Name) attribute
-   of the certificate is matched against the host name. If the cn
-   attribute starts with an asterisk (*), it will be treated as
-   a wildcard, and will match all characters except a dot
+   In verify-full mode, the host name is matched against the
+   certificate's Subject Alternative Name attribute(s), or against the
+   Common Name attribute if no Subject Alternative Name of type dNSName is
+   present.  If the certificate's name attribute starts with an asterisk
+   (*), the asterisk will be treated as
+   a wildcard, which will match all characters except a dot
    (.). This means the certificate will not match subdomains.
    If the connection is made using an IP address instead of a host name, the
    IP address will be matched (without doing any DNS lookups).