Managing SSL Connections

[PG Doc comments form]

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/16/ssl-tcp.html
Description:

It would be handy to see documentation on the process of renewing a
certificate in terms of the impact it would have if you force clients to do
TLS connections. For example is there a way to load a new certificate whilst
the old one is still active to prevent outages or can this only be done in a
cluster setup?

Documentation of .pgpass for Unix is incomplete

[PG Doc comments form]

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/16/libpq-pgpass.html
Description:

The documentation of the .pgpass password file is incomplete in the Unix
case (https://www.postgresql.org/docs/16/libpq-pgpass.html):

It does not mention how the .pgpass File is actually found.  One would
assume it uses the getpwent() function to find the current users
homedirectory and locate the .pgpass file there, but this is not the case. 
It only looks at the HOME environment variable.

If you change the user using setuid() and do not change HOME as well, the
file not be found.  Or assume you start a DB client as root by using su to
change the user id, things will not work:

# /bin/su -c "startx -- " - xpos

This starts X11 and changes to the user xpos, but it does only change the
user id, not $HOME.