From e6052cbf0640d3bb5f774a8cd9fc60cfc9fbab63 Mon Sep 17 00:00:00 2001
From: bryanhuntesl <31992054+bryanhuntesl@users.noreply.github.com>
Date: Fri, 18 Jun 2021 12:22:47 +0100
Subject: [PATCH] Add information about client certificate authentication
 (#552)

---
 lib/postgrex.ex | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lib/postgrex.ex b/lib/postgrex.ex
index 548ace32..2d4a2e86 100644
--- a/lib/postgrex.ex
+++ b/lib/postgrex.ex
@@ -154,6 +154,21 @@ defmodule Postgrex do
 
       iex> {:ok, pid} = Postgrex.start_link(socket_dir: "/tmp", database: "postgres")
       {:ok, #PID<0.69.0>}
+      
+  ## SSL client authentication 
+  
+  When connecting to CockroachDB instances running in secure mode it is idiomatic to use 
+  client SSL certificate authentication. 
+  
+  An example of Repository configuration:
+  
+      config :app, App.Repo,
+        ssl: String.to_existing_atom(System.get_env("DB_SSL_ENABLED", "true")),
+        ssl_opts: [
+          verify: :verify_peer,
+          cacertfile: System.get_env("DB_CA_CERT_FILE"),
+          verify_fun: &:ssl_verify_hostname.verify_fun/3
+        ]  
 
   ## PgBouncer