SSL Attribute Functions: PQsslAttributeNames and PQsslStruct

Returns "on" if SSL compression is in use, else it returns "off". </para> </listitem> </varlistentry> <varlistentry> <term><literal>alpn</literal></term> <listitem> <para> Application protocol selected by the TLS Application-Layer Protocol Negotiation (ALPN) extension. The only protocol supported by libpq is <literal>postgresql</literal>, so this is mainly useful for checking whether the server supported ALPN or not. Empty string if ALPN was not used. </para> </listitem> </varlistentry> </variablelist> </para> <para> As a special case, the <literal>library</literal> attribute may be queried without a connection by passing NULL as the <literal>conn</literal> argument. The result will be the default SSL library name, or NULL if <application>libpq</application> was compiled without any SSL support. (Prior to <productname>PostgreSQL</productname> version 15, passing NULL as the <literal>conn</literal> argument always resulted in NULL. Client programs needing to differentiate between the newer and older implementations of this case may check the <literal>LIBPQ_HAS_SSL_LIBRARY_DETECTION</literal> feature macro.) </para> </listitem> </varlistentry> <varlistentry id="libpq-PQsslAttributeNames"> <term><function>PQsslAttributeNames</function><indexterm><primary>PQsslAttributeNames</primary></indexterm></term> <listitem> <para> Returns an array of SSL attribute names that can be used in <function>PQsslAttribute()</function>. The array is terminated by a NULL pointer. <synopsis> const char * const * PQsslAttributeNames(const PGconn *conn); </synopsis> </para> <para> If <literal>conn</literal> is NULL, the attributes available for the default SSL library are returned, or an empty list if <application>libpq</application> was compiled without any SSL support. If <literal>conn</literal> is not NULL, the attributes available for the SSL library in use for the connection are returned, or an empty list if the connection is not encrypted. </para> </listitem> </varlistentry> <varlistentry id="libpq-PQsslStruct"> <term><function>PQsslStruct</function><indexterm><primary>PQsslStruct</primary></indexterm></term> <listitem> <para> Returns a pointer to an SSL-implementation-specific object describing the connection. Returns NULL if the connection is not encrypted or the requested type of object is not available from the connection's SSL implementation. <synopsis> void *PQsslStruct(const PGconn *conn, const char *struct_name); </synopsis> </para> <para> The struct(s) available depend on the SSL implementation in use. For <productname>OpenSSL</productname>, there is one struct, available under the name <literal>OpenSSL</literal>, and it returns a pointer to <productname>OpenSSL</productname>'s <literal>SSL</literal> struct. To use this function, code along the following lines could be used: <programlisting><![CDATA[ #include <libpq-fe.h> #include <openssl/ssl.h> ... SSL *ssl; dbconn = PQconnectdb(...); ... ssl = PQsslStruct(dbconn, "OpenSSL"); if (ssl) { /* use OpenSSL functions to access ssl */ } ]]></programlisting> </para> <para> This structure can be used to verify encryption levels, check server certificates, and more. Refer to the <productname>OpenSSL</productname> documentation for information about this structure. </para> </listitem> </varlistentry> <varlistentry id="libpq-PQgetssl"> <term><function>PQgetssl</function><indexterm><primary>PQgetssl</primary></indexterm></term>

This section describes functions for retrieving SSL attribute names and implementation-specific objects. PQsslAttributeNames returns an array of valid attribute names for PQsslAttribute. PQsslStruct returns a pointer to an SSL-implementation-specific object, such as the OpenSSL SSL struct, allowing access to underlying SSL library functions for tasks like encryption level verification and certificate checking.