-
+
-
Authentication
+
Authentication<span class="marked"> and security</span>
+
+ Support
SSL certificate chains in server certificate+ file (Andrew Gierth)
+
+
+ Including the full certificate chain makes the client able
+ to verify the certificate without having all intermediate CA
+ certificates present in the local store, which is often the case for
+ commercial CAs.
+
+
+
+ Make Kerberos use the same method to determine the username of the
+ client as all other authentication methods (Magnus)
+
+
+ Previously a special Kerberos-only API was used.
+
+
connections. If a root certificate is not available to use for
verification,
SSL connections will fail. The sslmode parameter is used to enable the certificate
- verification.
+ verification and set the level.
+
+
+ The default is still not to do any verification, allowing connections
+ to SSL enabled servers without requiring a root certificate on the
+ client.
+
+
+
+
+ Support wildcard server certificates (Magnus)
- The default is still not to do any verification.
+ If a certificate
CN starts with *, it will+ be treated as a wildcard when matching the hostname, allowing the
+ use of the same certificate for multiple servers.
projects / postgresql.git / commitdiff