PostgreSQL Reference Manual - Volume 2 - Programming Guide
by The PostgreSQL Global Development Group
Paperback (6"x9"), 408 pages
ISBN 0954612035
RRP £19.95 ($34.95)


1.16 SSL Support

PostgreSQL has native support for using SSL connections to encrypt client/server communications for increased security. See Volume 3: Secure TCP/IP Connections with SSL for details about the server-side SSL functionality.

If the server demands a client certificate, libpq will send the certificate stored in file ‘~/.postgresql/postgresql.crt’ within the user's home directory. A matching private key file ‘~/.postgresql/postgresql.key’ must also be present, and must not be world-readable. (On Microsoft Windows these files are named ‘%APPDATA%\postgresql\postgresql.crt’ and ‘%APPDATA%\postgresql\postgresql.key’.)

If the file ‘~/.postgresql/root.crt’ is present in the user's home directory, libpq will use the certificate list stored therein to verify the server's certificate. (On Microsoft Windows the file is named ‘%APPDATA%\postgresql\root.crt’.) The SSL connection will fail if the server does not present a certificate; therefore, to use this feature the server must also have a ‘root.crt’ file. Certificate Revocation List (CRL) entries are also checked if the file ‘~/.postgresql/root.crl’ exists (‘%APPDATA%\postgresql\root.crl’ on Microsoft Windows).
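The file rules in the two paragraphs above can be checked before a deployment with a small POSIX audit like the one below. It is an added example, not code from the manual or from libpq. The function name audit_pg_ssl_dir, the flag names and the stricter "no group or other access" warning are assumptions made for illustration; the manual itself only requires that the key not be world-readable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

#define HAS_CLIENT_CERT    0x01u /* postgresql.crt present */
#define HAS_CLIENT_KEY     0x02u /* postgresql.key present */
#define KEY_WORLD_READABLE 0x04u /* breaks the rule stated in the manual */
#define KEY_LOOSE_PERMS    0x08u /* any group/other bit set (stricter check, an assumption) */
#define HAS_ROOT_CRT       0x10u /* root.crt present: server certificate is verified */
#define HAS_ROOT_CRL       0x20u /* root.crl present: CRL entries are checked */

/* Return 1 and fill *st if dir/name exists and is a regular file. */
static int regular_file(const char *dir, const char *name, struct stat *st)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t) n >= sizeof path) return 0;
    return stat(path, st) == 0 && S_ISREG(st->st_mode);
}

/* Hypothetical helper: summarise what libpq will find in dir as bit flags. */
unsigned audit_pg_ssl_dir(const char *dir)
{
    struct stat st;
    unsigned flags = 0;
    if (regular_file(dir, "postgresql.crt", &st)) flags |= HAS_CLIENT_CERT;
    if (regular_file(dir, "postgresql.key", &st)) {
        flags |= HAS_CLIENT_KEY;
        if (st.st_mode & S_IROTH) flags |= KEY_WORLD_READABLE;
        if (st.st_mode & (S_IRWXG | S_IRWXO)) flags |= KEY_LOOSE_PERMS;
    }
    if (regular_file(dir, "root.crt", &st)) flags |= HAS_ROOT_CRT;
    if (regular_file(dir, "root.crl", &st)) flags |= HAS_ROOT_CRL;
    return flags;
}

int main(int argc, char **argv)
{
    char dflt[4096];
    const char *home = getenv("HOME");
    snprintf(dflt, sizeof dflt, "%s/.postgresql", home ? home : ".");
    unsigned f = audit_pg_ssl_dir(argc > 1 ? argv[1] : dflt);
    int cert = !!(f & HAS_CLIENT_CERT), key = !!(f & HAS_CLIENT_KEY);
    printf("client cert/key pair: %s\n", cert && key ? "present" : cert || key ? "INCOMPLETE" : "absent");
    if (f & KEY_WORLD_READABLE) puts("FAIL: postgresql.key is world-readable");
    else if (f & KEY_LOOSE_PERMS) puts("WARN: postgresql.key has group/other access");
    printf("server certificate verification (root.crt): %s\n", f & HAS_ROOT_CRT ? "on" : "OFF");
    printf("CRL check (root.crl): %s\n", f & HAS_ROOT_CRL ? "on" : "off");
    return (f & KEY_WORLD_READABLE) ? 1 : 0;
}
```

Run it with no argument to audit ‘~/.postgresql’, or pass a directory path; the exit status is non-zero when the key is world-readable.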

If you are using SSL inside your application (in addition to inside libpq), you can use PQinitSSL(int) to tell libpq that the SSL library has already been initialized by your application.
