<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>28.14. SSL Support</title>
<link rel="stylesheet" href="stylesheet.css" type="text/css">
<link rev="made" href="pgsql-docs@postgresql.org">
<meta name="generator" content="DocBook XSL Stylesheets V1.70.0">
<link rel="start" href="index.html" title="PostgreSQL 8.1.4 Documentation">
<link rel="up" href="libpq.html" title="Chapter 28. libpq - C Library">
<link rel="prev" href="libpq-pgservice.html" title="28.13. The Connection Service File">
<link rel="next" href="libpq-threading.html" title="28.15. Behavior in Threaded Programs">
<link rel="copyright" href="ln-legalnotice.html" title="Legal Notice">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="libpq-ssl"></a>28.14. SSL Support</h2></div></div></div>
<a name="id686733"></a><p> <span class="productname">PostgreSQL</span> has native support for using
<acronym class="acronym">SSL</acronym> connections to encrypt client/server communications
for increased security. See <a href="ssl-tcp.html" title="16.7. Secure TCP/IP Connections with SSL">Section 16.7, “Secure TCP/IP Connections with SSL”</a> for details
about the server-side <acronym class="acronym">SSL</acronym> functionality.
</p>
<p> If the server demands a client certificate,
<span class="application">libpq</span>
will send the certificate stored in file
<code class="filename">~/.postgresql/postgresql.crt</code> within the user's home directory.
A matching private key file <code class="filename">~/.postgresql/postgresql.key</code>
must also be present, and must not be world-readable.
(On Microsoft Windows these files are named
<code class="filename">%APPDATA%\postgresql\postgresql.crt</code> and
<code class="filename">%APPDATA%\postgresql\postgresql.key</code>.)
</p>
<p> If the file <code class="filename">~/.postgresql/root.crt</code> is present in the user's
home directory,
<span class="application">libpq</span> will use the certificate list stored
therein to verify the server's certificate.
(On Microsoft Windows the file is named
<code class="filename">%APPDATA%\postgresql\root.crt</code>.)
The SSL connection will
fail if the server does not present a certificate; therefore, to
use this feature the server must also have a <code class="filename">root.crt</code> file.
</p>
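<p> The following preflight check for the client-side files described above is an added example, not code from <span class="application">libpq</span> or the PostgreSQL project. The function and constant names are hypothetical, and the key test covers only the condition stated above (the world-readable bit).
</p>

```c
/* Added example, not libpq source: preflight check of the client-side SSL
 * files described above. Function and constant names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

enum { NO_CLIENT_CERT = 0, CLIENT_CERT_OK = 1,
       KEY_MISSING = -1, KEY_WORLD_READABLE = -2 };

/* Returns 1 if dir/name is a regular file, filling *st; otherwise 0. */
static int regular_file(const char *dir, const char *name, struct stat *st)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t) n >= sizeof path)
        return 0;                       /* path too long: treat as absent */
    return stat(path, st) == 0 && S_ISREG(st->st_mode);
}

/* Classify the postgresql.crt / postgresql.key pair found in dir. */
int check_client_cert(const char *dir)
{
    struct stat st;
    if (!regular_file(dir, "postgresql.crt", &st))
        return NO_CLIENT_CERT;          /* no certificate to send */
    if (!regular_file(dir, "postgresql.key", &st))
        return KEY_MISSING;             /* certificate without its key file */
    if (st.st_mode & S_IROTH)
        return KEY_WORLD_READABLE;      /* fix with: chmod 600 postgresql.key */
    return CLIENT_CERT_OK;
}

/* 1 if root.crt is present, i.e. the server's certificate will be verified. */
int server_cert_verified(const char *dir)
{
    struct stat st;
    return regular_file(dir, "root.crt", &st);
}

int main(void)
{
    char dir[4096];
    const char *home = getenv("HOME");
    if (home == NULL || snprintf(dir, sizeof dir, "%s/.postgresql", home) >= (int) sizeof dir)
        return 2;
    printf("client certificate status: %d\n", check_client_cert(dir));
    printf("server certificate verified: %d\n", server_cert_verified(dir));
    return 0;
}
```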
<p> If you are using <acronym class="acronym">SSL</acronym> inside your application (in addition to
inside <span class="application">libpq</span>), you can use <code class="function">PQinitSSL(int)</code>
to tell <span class="application">libpq</span> that the <acronym class="acronym">SSL</acronym> library
has already been initialized by your application.
</p>
</div></body>
</html>