diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml index be3d1d9cb024a89b292007135c89db9969f3cc1b..78778dedd364b79bed9b8804aac35a4122ae7ffa 100644 --- a/doc/src/sgml/release-8.4.sgml +++ b/doc/src/sgml/release-8.4.sgml @@ -1,4 +1,4 @@ - + @@ -714,7 +714,7 @@ - Authentication + Authentication and security @@ -738,6 +738,19 @@ + + + Support SSL certificate chains in server certificate + file (Andrew Gierth) + + + + Including the full certificate chain makes the client able + to verify the certificate without having all intermediate CA + certificates present in the local store, which is often the case for + commercial CAs. + + @@ -2616,6 +2629,16 @@ + + + Make Kerberos use the same method to determine the username of the + client as all other authentication methods (Magnus) + + + + Previously a special Kerberos-only API was used. + + @@ -2637,11 +2660,25 @@ connections. If a root certificate is not available to use for verification, SSL connections will fail. The sslmode parameter is used to enable the certificate - verification. + verification and set the level. + + + + The default is still not to do any verification, allowing connections + to SSL enabled servers without requiring a root certificate on the + client. + + + + + + Support wildcard server certificates (Magnus) - The default is still not to do any verification. + If a certificate CN starts with *, it will + be treated as a wildcard when matching the hostname, allowing the + use of the same certificate for multiple servers.