--- postgresql-7.2.1/src/bin/psql/startup.c.orig Mon Nov 5 10:46:31 2001
+++ postgresql-7.2.1/src/bin/psql/startup.c Wed May 15 22:06:35 2002
@@ -678,7 +678,15 @@
 /*
 * printSSLInfo
 *
- * Prints information about the current SSL connection, if SSL is in use
+ * Prints information about the current SSL connection, if SSL is in use.
+ * This needs to be enough information to allow the user to make an
+ * informed decision whether to abort the connection: the identity of
+ * the server (hostname and organization, if present), the cipher and keysize.
+ *
+ * Unfortunately, the identity of the server can't be trusted until
+ * the certs are verified against a local keystore (like browsers
+ * do) or a trusted CA. But we can at least get people used to seeing
+ * this information.
 */
 #ifdef USE_SSL
 static void
@@ -686,13 +694,40 @@
 {
 int sslbits = -1;
 SSL *ssl;
+ X509 *cert;
+ char cname[256];
+ char org[256];
+ char unit[256];
+ X509_NAME *subj;
+ int n;
 
 ssl = PQgetssl(pset.db);
 if (!ssl)
 return; /* no SSL */
 
+ memset(cname, 0, sizeof cname);
+ memset(org, 0, sizeof org);
+ memset(unit, 0, sizeof unit);
+ cert = SSL_get_peer_certificate(ssl);
+ if (cert != NULL) {
+ subj = X509_get_subject_name(cert);
+ X509_NAME_get_text_by_NID(subj, NID_commonName,
+ cname, sizeof(cname)-1);
+ X509_NAME_get_text_by_NID(subj, NID_organizationName,
+ org, sizeof(org)-1);
+ X509_NAME_get_text_by_NID(subj, NID_organizationalUnitName,
+ unit, sizeof(unit)-1);
+ }
+
 SSL_get_cipher_bits(ssl, &sslbits);
- printf(gettext("SSL connection (cipher: %s, bits: %i)\n\n"),
+ printf(gettext("encrypted connection to %s\n"), cname);
+ if (org[0]) {
+ printf("%s\n", org);
+ }
+ if (unit[0]) {
+ printf("%s\n", unit);
+ }
+ printf(gettext("(cipher: %s, bits: %i)\n\n"),
 SSL_get_cipher(ssl), sslbits);
 }
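Review bot: The `X509` returned by `SSL_get_peer_certificate()` is never released, so every SSL session leaks one certificate; add `X509_free(cert);` after the three `X509_NAME_get_text_by_NID()` calls inside the `if (cert != NULL)` block (the `X509_NAME` from `X509_get_subject_name()` is owned by the cert and must not be freed separately). The subject fields are chosen by the server and, as the new header comment in the previous hunk admits, checked against nothing, yet the line `encrypted connection to %s` presents the CN as if it were the authenticated peer — and prints an empty name when no certificate was offered — so label it as unverified, e.g. `gettext("encrypted connection to %s (server name not verified)\n")`, and say explicitly when `cert` is NULL. Those same strings reach the terminal unescaped, so a hostile server can embed control or escape sequences in its certificate subject; strip non-printable bytes before printing. The added `int n;` is unused, and the `X509_NAME_get_text_by_NID()` return values (-1 when the attribute is absent) are ignored, which is harmless only because the buffers were zeroed first — worth a comment. The hunk header's line counts suggest one trailing context line after the closing brace did not survive on this page.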