From f3b507c8c7ac585981b800a489e6101c6ac317be Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Mon, 11 May 2009 09:00:10 +0000 Subject: [PATCH] Edit the SSL and Kerberos parts of the release notes a bit, and add a note about the certificates chains patch just applied. --- doc/src/sgml/release-8.4.sgml | 45 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml index be3d1d9cb0..78778dedd3 100644 --- a/doc/src/sgml/release-8.4.sgml +++ b/doc/src/sgml/release-8.4.sgml @@ -1,4 +1,4 @@ - + @@ -714,7 +714,7 @@ - Authentication + Authentication and security @@ -738,6 +738,19 @@ + + + Support SSL certificate chains in server certificate + file (Andrew Gierth) + + + + Including the full certificate chain makes the client able + to verify the certificate without having all intermediate CA + certificates present in the local store, which is often the case for + commercial CAs. + + @@ -2616,6 +2629,16 @@ + + + Make Kerberos use the same method to determine the username of the + client as all other authentication methods (Magnus) + + + + Previously a special Kerberos-only API was used. + + @@ -2637,11 +2660,25 @@ connections. If a root certificate is not available to use for verification, SSL connections will fail. The sslmode parameter is used to enable the certificate - verification. + verification and set the level. + + + + The default is still not to do any verification, allowing connections + to SSL enabled servers without requiring a root certificate on the + client. + + + + + + Support wildcard server certificates (Magnus) - The default is still not to do any verification. + If a certificate CN starts with *, it will + be treated as a wildcard when matching the hostname, allowing the + use of the same certificate for multiple servers. -- 2.11.0
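Review bot: In the certificate chain entry (hunk at -738,6 +738,19), the trailing clause "which is often the case for commercial CAs" attaches to "having all intermediate CA certificates present in the local store", so the sentence can be read as saying clients usually do have the intermediates. Reword it so the clause states what is actually common with commercial CAs. In the same sentence, "makes the client able to verify" would read better as "allows the client to verify".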
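Review bot: The Kerberos entry (hunk at -2616,6 +2629,16) credits "(Magnus)" by first name only, while the certificate chain entry added in this same patch credits "(Andrew Gierth)" by full name; pick one attribution style and use it for all new entries. The description "Previously a special Kerberos-only API was used" also does not say whether the username determined for a Kerberos client can differ after this change, which is the part an administrator reading release notes before an upgrade would look for.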
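Review bot: The wildcard entry at the end of the last hunk (-2637,11 +2660,25) says only that a CN that "starts with *" is treated as a wildcard, without stating what the * is allowed to match (a single hostname label or several, and whether it must be followed by a dot). That rule decides which hostnames a certificate is accepted for, so spell it out in the entry. In the same hunk, "verification and set the level" would be clearer if it named the sslmode values that select each level, placed next to the statement that the default still performs no verification.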