diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 57bfc8fc71..8908f775df 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -2514,8 +2514,9 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name); The list of available attributes varies depending on the SSL library - being used, and the type of connection. If an attribute is not - available, returns NULL. + being used and the type of connection. Returns NULL if the connection + does not use SSL or the specified attribute name is not defined for the + library in use. @@ -2574,12 +2575,15 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name); As a special case, the library attribute may be - queried without an existing connection by passing NULL as the - conn argument. The historical behavior was to return - NULL for any attribute when a NULL conn was provided; - client programs needing to differentiate between the newer and older - implementations may check the - LIBPQ_HAS_SSL_LIBRARY_DETECTION feature macro. + queried without a connection by passing NULL as + the conn argument. The result will be the default + SSL library name, or NULL if libpq was + compiled without any SSL support. (Prior + to PostgreSQL version 15, passing NULL as + the conn argument always resulted in NULL. + Client programs needing to differentiate between the newer and older + implementations of this case may check the + LIBPQ_HAS_SSL_LIBRARY_DETECTION feature macro.) @@ -2588,7 +2592,8 @@ const char *PQsslAttribute(const PGconn *conn, const char *attribute_name); PQsslAttributeNamesPQsslAttributeNames - Return an array of SSL attribute names available. The array is terminated by a NULL pointer. + Returns an array of SSL attribute names available. + The array is terminated by a NULL pointer. const char * const * PQsslAttributeNames(const PGconn *conn); 
@@ -2600,8 +2605,10 @@ const char * const * PQsslAttributeNames(const PGconn *conn); PQsslStructPQsslStruct - Return a pointer to an SSL-implementation-specific object describing - the connection. + Returns a pointer to an SSL-implementation-specific object describing + the connection. Returns NULL if the connection is not encrypted + or the requested type of object is not available from the connection's + SSL implementation. void *PQsslStruct(const PGconn *conn, const char *struct_name); @@ -2609,8 +2616,9 @@ void *PQsslStruct(const PGconn *conn, const char *struct_name); The struct(s) available depend on the SSL implementation in use. For OpenSSL, there is one struct, - available under the name "OpenSSL", and it returns a pointer to the - OpenSSL SSL struct. + available under the name OpenSSL, + and it returns a pointer to + OpenSSL's SSL struct. To use this function, code along the following lines could be used: @@ -2643,7 +2651,7 @@ void *PQsslStruct(const PGconn *conn, const char *struct_name); SSLin libpq - Returns the SSL structure used in the connection, or null + Returns the SSL structure used in the connection, or NULL if SSL is not in use. diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index aea4661736..74b5c5987a 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c 
@@ -1745,14 +1745,21 @@ PQsslAttributeNames(PGconn *conn) const char * PQsslAttribute(PGconn *conn, const char *attribute_name) { - if (strcmp(attribute_name, "library") == 0) - return "OpenSSL"; - if (!conn) + { + /* PQsslAttribute(NULL, "library") reports the default SSL library */ + if (strcmp(attribute_name, "library") == 0) + return "OpenSSL"; return NULL; + } + + /* All attributes read as NULL for a non-encrypted connection */ if (conn->ssl == NULL) return NULL; + if (strcmp(attribute_name, "library") == 0) + return "OpenSSL"; + if (strcmp(attribute_name, "key_bits") == 0) { static char sslbits_str[12];
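Review bot: `attribute_name` is handed to `strcmp` without a NULL check in both the new `if (!conn)` branch and the relocated "library" comparison after the `conn->ssl == NULL` test, so a caller that passes a NULL name crashes the client instead of receiving NULL. The updated documentation promises NULL when the attribute name is not defined for the library in use, and a guard at the top of the function would extend that to a missing name: `if (attribute_name == NULL) return NULL;`. The old code had the same unchecked `strcmp`, so this is not a regression, but the commit reorders exactly these lines and is a natural place to fix it. The body of PQsslAttribute continues past the end of the hunk; the later comparisons are not visible here but would presumably be covered by the same guard.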