Skip site navigation (1) Skip section navigation (2)

Re: ssl connection strangely stops working

From: Radosław Smogura <rsmogura(at)softperience(dot)eu>
To: pgsql-jdbc(at)postgresql(dot)org
Cc: zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com>
Subject: Re: ssl connection strangely stops working
Date: 2011-02-05 16:08:24
Message-ID: 201102051708.24712.rsmogura@softperience.eu (view raw or flat)
Thread:
Lists: pgsql-jdbc
zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com> Saturday 05 February 2011 15:31:30
> On Sat, Feb 5, 2011 at 3:58 AM, Radosław Smogura
> 
> <rsmogura(at)softperience(dot)eu> wrote:
> > I don't think JDBC driver use custom SSL "validators" including host name
> > and certificate chains, if you don't specify one with socket factory. It
> > lies on this what is available in JVM. It's looks like in this way Sun
> > SSL sockets works.
I was asking because I was need to configure truststore password with -D 
(realy unsecure, because ps -wwx will show it), to make GF to open LDAPS 
connection - I have self signed cert.

> Very likely that the settings is in JVM.  When I wrote above reply I
> made it work on Mac.
> GF is using JVM of Apple.  I am still struggling to make it work on
> windows 7 which uses Oracle JVM.
I tested GF 3.1 on IBM JDK. I looked into sources, there are many many places 
that depends on Sun JVM implementation and Sun JDK. I wrote few lines to make 
this work, but hmmm... many places left.

> Also in my replied above I meant to write that there is still
> hostname/CN mismatch with new unexpired commercial CA.
> 

I didn't found, at a glance any piece of code that adds custom cert or host 
name validation in JDBC driver, it uses this what will get from system.
<snip>

Regards,
Radek

In response to

Responses

pgsql-jdbc by date

Next:From: John LHDate: 2011-02-05 16:21:47
Subject: Re: JDBC CallableStatement bug on functions with return parameter
Previous:From: Kevin GrittnerDate: 2011-02-05 15:23:52
Subject: Re: JDBC CallableStatement bug on functions with return parameter

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group