diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index e1a1d5a1c58af7a03ae1e2d62f3cc64f1f12ea94..a9d0d98d04d3ce8164f26a41b78210824a3a1607 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.271 2008/11/25 19:30:42 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.272 2008/12/02 12:42:11 mha Exp $ -->
 
 <chapter id="libpq">
  <title><application>libpq</application> - C Library</title>
@@ -283,6 +283,15 @@
            only if the certificate also has just the IP address in the
            <literal>cn</> field.
           </para>
+
+          <para>
+           If the <literal>cn</> attribute in the certificate sent by the
+           server starts with an asterisk (<literal>*</>), it will be treated
+           as a wildcard. This wildcard can only be present at the start of
+           the value, and will match all characters <emphasis>except</> a
+           dot (<literal>.</>). This means the certificate will not match
+           subdomains.
+          </para>
          </listitem>
         </varlistentry>