File: libpq-ssl.html

pgadmin3 1.4.3-2
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>28.14. SSL Support</title>
<link rel="stylesheet" href="stylesheet.css" type="text/css">
<link rev="made" href="pgsql-docs@postgresql.org">
<meta name="generator" content="DocBook XSL Stylesheets V1.70.0">
<link rel="start" href="index.html" title="PostgreSQL 8.1.4 Documentation">
<link rel="up" href="libpq.html" title="Chapter 28. libpq - C Library">
<link rel="prev" href="libpq-pgservice.html" title="28.13. The Connection Service File">
<link rel="next" href="libpq-threading.html" title="28.15. Behavior in Threaded Programs">
<link rel="copyright" href="ln-legalnotice.html" title="Legal Notice">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="libpq-ssl"></a>28.14. SSL Support</h2></div></div></div>
<a name="id686733"></a><p>   <span class="productname">PostgreSQL</span> has native support for using
   <acronym class="acronym">SSL</acronym> connections to encrypt client/server communications
   for increased security. See <a href="ssl-tcp.html" title="16.7. Secure TCP/IP Connections with SSL">Section 16.7, &#8220;Secure TCP/IP Connections with SSL&#8221;</a> for details
   about the server-side <acronym class="acronym">SSL</acronym> functionality.
  </p>
<p>   If the server demands a client certificate, 
   <span class="application">libpq</span>
   will send the certificate stored in file
   <code class="filename">~/.postgresql/postgresql.crt</code> within the user's home directory.
   A matching private key file <code class="filename">~/.postgresql/postgresql.key</code>
   must also be present, and must not be world-readable.
   (On Microsoft Windows these files are named
   <code class="filename">%APPDATA%\postgresql\postgresql.crt</code> and
   <code class="filename">%APPDATA%\postgresql\postgresql.key</code>.)
  </p>
<p>   If the file <code class="filename">~/.postgresql/root.crt</code> is present in the user's
   home directory,
   <span class="application">libpq</span> will use the certificate list stored
   therein to verify the server's certificate.
   (On Microsoft Windows the file is named
   <code class="filename">%APPDATA%\postgresql\root.crt</code>.)
   The SSL connection will
   fail if the server does not present a certificate; therefore, to
   use this feature the server must also have a <code class="filename">root.crt</code> file.
  </p>
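<p>   The following POSIX C check is an added example, not part of the PostgreSQL documentation or of libpq's own code. It inspects a directory such as <code class="filename">~/.postgresql</code> for the three files described above and reports whether the private key is world-readable. The function and flag names are hypothetical, and the Windows <code class="filename">%APPDATA%</code> paths are not covered.
  </p>

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Added example: hypothetical flag names, not a libpq API. */
enum {
    SSL_HAVE_CERT    = 1 << 0, /* postgresql.crt exists */
    SSL_HAVE_KEY     = 1 << 1, /* postgresql.key exists */
    SSL_HAVE_ROOT    = 1 << 2, /* root.crt exists: used to verify the server */
    SSL_KEY_WORLD_RD = 1 << 3  /* key is world-readable: must be fixed */
};

/* Inspect <dir>/postgresql.crt, postgresql.key and root.crt.
   Returns a bitmask of the flags above, or -1 if a path is too long. */
int pg_ssl_preflight(const char *dir)
{
    static const char *names[] = { "postgresql.crt", "postgresql.key", "root.crt" };
    static const int have[] = { SSL_HAVE_CERT, SSL_HAVE_KEY, SSL_HAVE_ROOT };
    char path[4096];
    struct stat st;
    int flags = 0;

    for (int i = 0; i < 3; i++) {
        int n = snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        if (n < 0 || (size_t)n >= sizeof path) return -1;
        if (stat(path, &st) != 0) continue;   /* missing file: flag stays clear */
        flags |= have[i];
        if (i == 1 && (st.st_mode & S_IROTH)) /* "other" read bit set on the key */
            flags |= SSL_KEY_WORLD_RD;
    }
    return flags;
}

/* A client certificate is usable only if both files exist and the key is private. */
int pg_ssl_client_cert_usable(int flags)
{
    return (flags & SSL_HAVE_CERT) && (flags & SSL_HAVE_KEY)
        && !(flags & SSL_KEY_WORLD_RD);
}

int main(void)
{
    char dir[4000];
    const char *home = getenv("HOME");
    if (!home || snprintf(dir, sizeof dir, "%s/.postgresql", home) >= (int)sizeof dir)
        return 2;
    int flags = pg_ssl_preflight(dir);
    printf("client cert usable=%d root.crt present=%d\n",
           pg_ssl_client_cert_usable(flags), (flags & SSL_HAVE_ROOT) != 0);
    return (flags & SSL_KEY_WORLD_RD) ? 1 : 0;
}
```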
<p>   If you are using <acronym class="acronym">SSL</acronym> inside your application (in addition to
   inside <span class="application">libpq</span>), you can use <code class="function">PQinitSSL(int)</code>
   to tell <span class="application">libpq</span> that the <acronym class="acronym">SSL</acronym> library
   has already been initialized by your application.
  </p>
</div></body>
</html>