-rw-r--r--contrib/postgres_fdw/expected/postgres_fdw.out2
-rw-r--r--doc/src/sgml/libpq.sgml12
-rw-r--r--src/interfaces/libpq/fe-connect.c38
-rw-r--r--src/interfaces/libpq/fe-secure-openssl.c16
-rw-r--r--src/interfaces/libpq/libpq-int.h4
-rw-r--r--src/test/ssl/t/001_ssltests.pl12
6 files changed, 42 insertions, 42 deletions
diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
index 62c2697920f..90db550b921 100644
--- a/contrib/postgres_fdw/expected/postgres_fdw.out
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
@@ -8898,7 +8898,7 @@ DO $d$
END;
$d$;
ERROR: invalid option "password"
-HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, requirepeer, sslminprotocolversion, sslmaxprotocolversion, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size
+HINT: Valid options in this context are: service, passfile, channel_binding, connect_timeout, dbname, host, hostaddr, port, options, application_name, keepalives, keepalives_idle, keepalives_interval, keepalives_count, tcp_user_timeout, sslmode, sslcompression, sslcert, sslkey, sslrootcert, sslcrl, requirepeer, ssl_min_protocol_version, ssl_max_protocol_version, gssencmode, krbsrvname, gsslib, target_session_attrs, use_remote_estimate, fdw_startup_cost, fdw_tuple_cost, extensions, updatable, fetch_size
CONTEXT: SQL statement "ALTER SERVER loopback_nopw OPTIONS (ADD password 'dummypw')"
PL/pgSQL function inline_code_block line 3 at EXECUTE
-- If we add a password for our user mapping instead, we should get a different
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 75d2224a61b..5ddb4c28bde 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1736,8 +1736,8 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</listitem>
</varlistentry>
- <varlistentry id="libpq-connect-sslminprotocolversion" xreflabel="sslminprotocolversion">
- <term><literal>sslminprotocolversion</literal></term>
+ <varlistentry id="libpq-connect-ssl-min-protocol-version" xreflabel="ssl_min_protocol_version">
+ <term><literal>ssl_min_protocol_version</literal></term>
<listitem>
<para>
This parameter specifies the minimum SSL/TLS protocol version to allow
@@ -1752,8 +1752,8 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</listitem>
</varlistentry>
- <varlistentry id="libpq-connect-sslmaxprotocolversion" xreflabel="sslmaxprotocolversion">
- <term><literal>sslmaxprotocolversion</literal></term>
+ <varlistentry id="libpq-connect-ssl-max-protocol-version" xreflabel="ssl_max_protocol_version">
+ <term><literal>ssl_max_protocol_version</literal></term>
<listitem>
<para>
This parameter specifies the maximum SSL/TLS protocol version to allow
@@ -7164,7 +7164,7 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
<primary><envar>PGSSLMINPROTOCOLVERSION</envar></primary>
</indexterm>
<envar>PGSSLMINPROTOCOLVERSION</envar> behaves the same as the <xref
- linkend="libpq-connect-sslminprotocolversion"/> connection parameter.
+ linkend="libpq-connect-ssl-min-protocol-version"/> connection parameter.
</para>
</listitem>
@@ -7174,7 +7174,7 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
<primary><envar>PGSSLMAXPROTOCOLVERSION</envar></primary>
</indexterm>
<envar>PGSSLMAXPROTOCOLVERSION</envar> behaves the same as the <xref
- linkend="libpq-connect-sslminprotocolversion"/> connection parameter.
+ linkend="libpq-connect-ssl-min-protocol-version"/> connection parameter.
</para>
</listitem>
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 0157c619aac..23be9a66cb2 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -320,13 +320,13 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
"Require-Peer", "", 10,
offsetof(struct pg_conn, requirepeer)},
- {"sslminprotocolversion", "PGSSLMINPROTOCOLVERSION", NULL, NULL,
+ {"ssl_min_protocol_version", "PGSSLMINPROTOCOLVERSION", NULL, NULL,
"SSL-Minimum-Protocol-Version", "", 8, /* sizeof("TLSv1.x") == 8 */
- offsetof(struct pg_conn, sslminprotocolversion)},
+ offsetof(struct pg_conn, ssl_min_protocol_version)},
- {"sslmaxprotocolversion", "PGSSLMAXPROTOCOLVERSION", NULL, NULL,
+ {"ssl_max_protocol_version", "PGSSLMAXPROTOCOLVERSION", NULL, NULL,
"SSL-Maximum-Protocol-Version", "", 8, /* sizeof("TLSv1.x") == 8 */
- offsetof(struct pg_conn, sslmaxprotocolversion)},
+ offsetof(struct pg_conn, ssl_max_protocol_version)},
/*
* As with SSL, all GSS options are exposed even in builds that don't have
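Review bot: The old keywords `sslminprotocolversion` and `sslmaxprotocolversion` disappear from `PQconninfoOptions` with no alias entry visible in this hunk, so a connection string that pins a TLS floor under the old spelling presumably stops being accepted. Rejecting it outright is the safe outcome, but how an unknown keyword is handled is not shown here; it is worth confirming that it is an error rather than a silently dropped option. The environment variable names are unchanged on both sides of the diff, so a short comment above the two entries would save the next reader a lookup, for example `/* keywords use underscores; PGSSLMINPROTOCOLVERSION and PGSSLMAXPROTOCOLVERSION keep their existing spelling */`. The array initializer starts and ends outside the hunk.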
@@ -1301,23 +1301,23 @@ connectOptions2(PGconn *conn)
}
/*
- * Validate TLS protocol versions for sslminprotocolversion and
- * sslmaxprotocolversion.
+ * Validate TLS protocol versions for ssl_min_protocol_version and
+ * ssl_max_protocol_version.
*/
- if (!sslVerifyProtocolVersion(conn->sslminprotocolversion))
+ if (!sslVerifyProtocolVersion(conn->ssl_min_protocol_version))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("invalid sslminprotocolversion value: \"%s\"\n"),
- conn->sslminprotocolversion);
+ libpq_gettext("invalid ssl_min_protocol_version value: \"%s\"\n"),
+ conn->ssl_min_protocol_version);
return false;
}
- if (!sslVerifyProtocolVersion(conn->sslmaxprotocolversion))
+ if (!sslVerifyProtocolVersion(conn->ssl_max_protocol_version))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("invalid sslmaxprotocolversion value: \"%s\"\n"),
- conn->sslmaxprotocolversion);
+ libpq_gettext("invalid ssl_max_protocol_version value: \"%s\"\n"),
+ conn->ssl_max_protocol_version);
return false;
}
@@ -1328,8 +1328,8 @@ connectOptions2(PGconn *conn)
* already-built SSL context when the connection is being established, as
* it would be doomed anyway.
*/
- if (!sslVerifyProtocolRange(conn->sslminprotocolversion,
- conn->sslmaxprotocolversion))
+ if (!sslVerifyProtocolRange(conn->ssl_min_protocol_version,
+ conn->ssl_max_protocol_version))
{
conn->status = CONNECTION_BAD;
printfPQExpBuffer(&conn->errorMessage,
@@ -4046,10 +4046,10 @@ freePGconn(PGconn *conn)
free(conn->sslcompression);
if (conn->requirepeer)
free(conn->requirepeer);
- if (conn->sslminprotocolversion)
- free(conn->sslminprotocolversion);
- if (conn->sslmaxprotocolversion)
- free(conn->sslmaxprotocolversion);
+ if (conn->ssl_min_protocol_version)
+ free(conn->ssl_min_protocol_version);
+ if (conn->ssl_max_protocol_version)
+ free(conn->ssl_max_protocol_version);
if (conn->gssencmode)
free(conn->gssencmode);
if (conn->krbsrvname)
@@ -7120,7 +7120,7 @@ pgpassfileWarning(PGconn *conn)
/*
* Check if the SSL procotol value given in input is valid or not.
* This is used as a sanity check routine for the connection parameters
- * sslminprotocolversion and sslmaxprotocolversion.
+ * ssl_min_protocol_version and ssl_max_protocol_version.
*/
static bool
sslVerifyProtocolVersion(const char *version)
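Review bot: The header comment of `sslVerifyProtocolVersion` still reads "SSL procotol" on its first line, a typo left in place while the same comment is being edited. The line should read `* Check if the SSL protocol value given in input is valid or not.`. The function body lies outside the hunk.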
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 731aa23c553..ddeeb606f5b 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -842,18 +842,18 @@ initialize_SSL(PGconn *conn)
SSL_CTX_set_options(SSL_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
/* Set the minimum and maximum protocol versions if necessary */
- if (conn->sslminprotocolversion &&
- strlen(conn->sslminprotocolversion) != 0)
+ if (conn->ssl_min_protocol_version &&
+ strlen(conn->ssl_min_protocol_version) != 0)
{
int ssl_min_ver;
- ssl_min_ver = ssl_protocol_version_to_openssl(conn->sslminprotocolversion);
+ ssl_min_ver = ssl_protocol_version_to_openssl(conn->ssl_min_protocol_version);
if (ssl_min_ver == -1)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("invalid value \"%s\" for minimum version of SSL protocol\n"),
- conn->sslminprotocolversion);
+ conn->ssl_min_protocol_version);
SSL_CTX_free(SSL_context);
return -1;
}
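Review bot: When `ssl_min_protocol_version` is NULL or empty this block is skipped, and the option table entry in fe-connect.c appears to give the parameter no compiled-in default, so the only floor visible here is `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3`. That leaves TLS 1.0 and 1.1 negotiable unless the OpenSSL build or its configuration rules them out, which deserves a comment above the `if`, such as `/* With no minimum configured, the lowest version allowed is whatever the OpenSSL library defaults permit; only SSLv2 and SSLv3 are disabled unconditionally above. */`. The error text in this block also does not name the parameter, unlike the `invalid ssl_min_protocol_version value` message in connectOptions2, and the same holds for the maximum-version block in the next hunk. initialize_SSL starts and continues outside the hunk.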
@@ -871,18 +871,18 @@ initialize_SSL(PGconn *conn)
}
}
- if (conn->sslmaxprotocolversion &&
- strlen(conn->sslmaxprotocolversion) != 0)
+ if (conn->ssl_max_protocol_version &&
+ strlen(conn->ssl_max_protocol_version) != 0)
{
int ssl_max_ver;
- ssl_max_ver = ssl_protocol_version_to_openssl(conn->sslmaxprotocolversion);
+ ssl_max_ver = ssl_protocol_version_to_openssl(conn->ssl_max_protocol_version);
if (ssl_max_ver == -1)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("invalid value \"%s\" for maximum version of SSL protocol\n"),
- conn->sslmaxprotocolversion);
+ conn->ssl_max_protocol_version);
SSL_CTX_free(SSL_context);
return -1;
}
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index 72931e60195..1de91ae295b 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -367,8 +367,8 @@ struct pg_conn
char *krbsrvname; /* Kerberos service name */
char *gsslib; /* What GSS library to use ("gssapi" or
* "sspi") */
- char *sslminprotocolversion; /* minimum TLS protocol version */
- char *sslmaxprotocolversion; /* maximum TLS protocol version */
+ char *ssl_min_protocol_version; /* minimum TLS protocol version */
+ char *ssl_max_protocol_version; /* maximum TLS protocol version */
/* Type of connection to make. Possible values: any, read-write. */
char *target_session_attrs;
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
index d035ac7fc97..3e68a49ca93 100644
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -357,22 +357,22 @@ command_like(
# Test min/max SSL protocol versions.
test_connect_ok(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=TLSv1.2 sslmaxprotocolversion=TLSv1.2",
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocol_version=TLSv1.2 ssl_max_protocol_version=TLSv1.2",
"connection success with correct range of TLS protocol versions");
test_connect_fails(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=TLSv1.2 sslmaxprotocolversion=TLSv1.1",
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocol_version=TLSv1.2 ssl_max_protocol_version=TLSv1.1",
qr/invalid SSL protocol version range/,
"connection failure with incorrect range of TLS protocol versions");
test_connect_fails(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslminprotocolversion=incorrect_tls",
- qr/invalid sslminprotocolversion value/,
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_min_protocol_version=incorrect_tls",
+ qr/invalid ssl_min_protocol_version value/,
"connection failure with an incorrect SSL protocol minimum bound");
test_connect_fails(
$common_connstr,
- "sslrootcert=ssl/root+server_ca.crt sslmode=require sslmaxprotocolversion=incorrect_tls",
- qr/invalid sslmaxprotocolversion value/,
+ "sslrootcert=ssl/root+server_ca.crt sslmode=require ssl_max_protocol_version=incorrect_tls",
+ qr/invalid ssl_max_protocol_version value/,
"connection failure with an incorrect SSL protocol maximum bound");
### Server-side tests.
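Review bot: These four cases exercise parameter validation only (an equal range, an inverted range and two unparsable values); none of them shows the floor or ceiling being enforced against the server during the handshake. If the test server's own protocol range can be set in this suite, a `test_connect_fails` case where the client range excludes what the server offers would cover that. A further `test_connect_fails` case using the retired spelling `sslminprotocolversion=TLSv1.2` would pin that the old keyword is rejected rather than ignored.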