SSL-Related Functions: PQsslInUse and PQsslAttribute

PQconnectionUsedGSSAPI(const PGconn *conn); </synopsis> </para> <para> This function can be applied to detect whether the connection was authenticated with GSSAPI. </para> </listitem> </varlistentry> </variablelist> </para> <para> The following functions return information related to SSL. This information usually doesn't change after a connection is established. <variablelist> <varlistentry id="libpq-PQsslInUse"> <term><function>PQsslInUse</function><indexterm><primary>PQsslInUse</primary></indexterm></term> <listitem> <para> Returns true (1) if the connection uses SSL, false (0) if not. <synopsis> int PQsslInUse(const PGconn *conn); </synopsis> </para> </listitem> </varlistentry> <varlistentry id="libpq-PQsslAttribute"> <term><function>PQsslAttribute</function><indexterm><primary>PQsslAttribute</primary></indexterm></term> <listitem> <para> Returns SSL-related information about the connection. <synopsis> const char *PQsslAttribute(const PGconn *conn, const char *attribute_name); </synopsis> </para> <para> The list of available attributes varies depending on the SSL library being used and the type of connection. Returns NULL if the connection does not use SSL or the specified attribute name is not defined for the library in use. </para> <para> The following attributes are commonly available: <variablelist> <varlistentry> <term><literal>library</literal></term> <listitem> <para> Name of the SSL implementation in use. (Currently, only <literal>"OpenSSL"</literal> is implemented) </para> </listitem> </varlistentry> <varlistentry> <term><literal>protocol</literal></term> <listitem> <para> SSL/TLS version in use. Common values are <literal>"TLSv1"</literal>, <literal>"TLSv1.1"</literal> and <literal>"TLSv1.2"</literal>, but an implementation may return other strings if some other protocol is used. </para> </listitem> </varlistentry> <varlistentry> <term><literal>key_bits</literal></term> <listitem> <para> Number of key bits used by the encryption algorithm. </para> </listitem> </varlistentry> <varlistentry> <term><literal>cipher</literal></term> <listitem> <para> A short name of the ciphersuite used, e.g., <literal>"DHE-RSA-DES-CBC3-SHA"</literal>. The names are specific to each SSL implementation. </para> </listitem> </varlistentry> <varlistentry> <term><literal>compression</literal></term> <listitem> <para> Returns "on" if SSL compression is in use, else it returns "off". </para> </listitem> </varlistentry> <varlistentry> <term><literal>alpn</literal></term> <listitem> <para> Application protocol selected by the TLS Application-Layer Protocol Negotiation (ALPN) extension. The only protocol supported by libpq is <literal>postgresql</literal>, so this is mainly useful for checking whether the server supported ALPN or not. Empty string if ALPN was not used. </para> </listitem> </varlistentry> </variablelist> </para> <para> As a special case, the <literal>library</literal> attribute may be queried without a connection by passing NULL as the <literal>conn</literal> argument. The result will be the default SSL library name, or NULL if <application>libpq</application> was compiled without

This section details functions to retrieve SSL-related information about a connection. PQsslInUse returns true if the connection uses SSL. PQsslAttribute allows querying specific SSL attributes, such as the SSL library in use, protocol version, key bits, cipher suite, compression status, and ALPN status. The 'library' attribute can be queried even without an active connection to determine the default SSL library.