author | Jeff Davis <jdavis@postgresql.org> | 2019-09-23 13:45:23 -0700 |
---|---|---|
committer | Jeff Davis <jdavis@postgresql.org> | 2019-09-23 14:03:35 -0700 |
commit | d6e612f837e235db0411e8b67558c9a6b3e9f41f (patch) | |
tree | a677e3cfdfc4f086b5272dcae746af4243d3ea2e /doc/src | |
parent | 13cd97e6c8c9679a9b2384c22a4f0333b1a5cc55 (diff) | |
Add libpq parameter 'channel_binding'.
Allow clients to require channel binding to enhance security against
untrusted servers.
Author: Jeff Davis
Reviewed-by: Michael Paquier
Discussion: https://postgr.es/m/227015d8417f2b4fef03f8966dbfa5cbcc4f44da.camel%40j-davis.com
Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/libpq.sgml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 1189341ca15..c58527b0c3b 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1122,6 +1122,28 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname </listitem> </varlistentry> + <varlistentry id="libpq-connect-channel-binding" xreflabel="channel_binding"> + <term><literal>channel_binding</literal></term> + <listitem> + <para> + This option controls the client's use of channel binding. A setting + of <literal>require</literal> means that the connection must employ + channel binding, <literal>prefer</literal> means that the client will + choose channel binding if available, and <literal>disable</literal> + prevents the use of channel binding. The default + is <literal>prefer</literal> if + <productname>PostgreSQL</productname> is compiled with SSL support; + otherwise the default is <literal>disable</literal>. + </para> + <para> + Channel binding is a method for the server to authenticate itself to + the client. It is only supported over SSL connections + with <productname>PostgreSQL</productname> 11 or later servers using + the <literal>SCRAM</literal> authentication method. + </para> + </listitem> + </varlistentry> + <varlistentry id="libpq-connect-connect-timeout" xreflabel="connect_timeout"> <term><literal>connect_timeout</literal></term> <listitem> @@ -6867,6 +6889,16 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough) <listitem> <para> <indexterm> + <primary><envar>PGCHANNELBINDING</envar></primary> + </indexterm> + <envar>PGCHANNELBINDING</envar> behaves the same as the <xref + linkend="libpq-connect-channel-binding"/> connection parameter. + </para> + </listitem> + + <listitem> + <para> + <indexterm> <primary><envar>PGSERVICE</envar></primary> </indexterm> <envar>PGSERVICE</envar> behaves the same as the <xref |
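Review bot: In the new `channel_binding` entry (first hunk), the first paragraph never says what the client does when `require` is set and channel binding cannot be used, and it does not spell out that the default `prefer` proceeds without it. The second paragraph lists the preconditions (an SSL connection, a PostgreSQL 11 or later server, the SCRAM authentication method), so a reader has to infer that failing any of them under `prefer` means the connection goes ahead with no channel binding at all. Since the commit message gives the purpose as protection against untrusted servers, I would add one sentence stating the outcome for `require` when a precondition is not met, and one stating that `prefer` gives no guarantee that the server was authenticated this way. The sentence "Channel binding is a method for the server to authenticate itself to the client" would also be easier to act on if it said briefly how that relates to the SSL connection it depends on.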