This patch makes some SGML markup more consistent and makes a small

improvement to the SSL auth docs.

doc/src/sgml/client-auth.sgml

@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.61 2003/11/29 19:51:36 pgsql Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.62 2003/12/13 23:59:06 neilc Exp $
 -->
 
 <chapter id="client-authentication">
@@ -111,10 +111,13 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
      <term><literal>host</literal></term>
      <listitem>
       <para>
-       This record matches connection attempts using TCP/IP networks.
+       This record matches connection attempts made using TCP/IP.
        Note that TCP/IP connections are disabled unless the server is
        started with the <option>-i</option> option or the
-       <varname>tcpip_socket</> configuration parameter is enabled.
+       <varname>tcpip_socket</> configuration parameter is
+       enabled. <literal>host</literal> records match either
+       <acronym>SSL</acronym> or non-<acronym>SSL</acronym> connection
+       attempts.
       </para>
      </listitem>
     </varlistentry>
@@ -123,17 +126,17 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
      <term><literal>hostssl</literal></term>
      <listitem>
       <para>
-       This record matches connection attempts using SSL over TCP/IP.
-       <literal>host</literal> records will match either SSL or
-       non-SSL connection attempts, but <literal>hostssl</literal>
-       records require SSL connections.
+       This record matches connection attempts made using TCP/IP. In
+       addition, this record requires that the connection is made with
+       <acronym>SSL</acronym>.
       </para>
 
       <para>
-       To make use of this option the server must be built
-       with SSL support enabled. Furthermore, SSL must be enabled by
-       enabling the <varname>ssl</varname> configuration parameter
-       (see <xref linkend="runtime-config"> for more information).
+       To make use of this option the server must be built with
+       <acronym>SSL</acronym> support enabled. Furthermore,
+       <acronym>SSL</acronym> must be enabled by setting the
+       <varname>ssl</varname> configuration parameter (see <xref
+       linkend="ssl-tcp"> for more information).
       </para>
      </listitem>
     </varlistentry>
@@ -143,8 +146,8 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
      <listitem>
       <para>
        This record is similar to <literal>hostssl</> but with the
-	   opposite logic: it matches only regular connection attempts not
-	   using SSL.
+	   opposite logic: it only matches connection attempts made over
+	   TCP/IP that do not use <acronym>SSL</acronym>.
       </para>
      </listitem>
     </varlistentry>
@@ -593,7 +596,7 @@ local   db1,db2,@demodbs  all                                       md5
     <quote>sniffing</> attacks then <literal>md5</> is preferred, with
     <literal>crypt</> a second choice if you must support pre-7.2
     clients. Plain <literal>password</> should especially be avoided for
-    connections over the open Internet (unless you use SSL, SSH, or
+    connections over the open Internet (unless you use <acronym>SSL</acronym>, SSH, or
     other communications security wrappers around the connection).
    </para>