Skip site navigation (1) Skip section navigation (2)

Re: A solution to the SSL customizing problem

From: Oliver Jowett <oliver(at)opencloud(dot)com>
To: Ulrich Meis <kenobi(at)halifax(dot)rwth-aachen(dot)de>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: A solution to the SSL customizing problem
Date: 2004-10-12 02:57:36
Message-ID: 416B4820.8040601@opencloud.com (view raw or flat)
Thread:
Lists: pgsql-jdbc
Ulrich Meis wrote:
> On Monday 11 October 2004 22:59, you wrote:
> 
>>Ulrich Meis wrote:
>>
>>>I propose a different solution. [...]
>>
>>This seems like a subset of the other solutions suggested. If you can
>>configure the SSLSocketFactory used, you can use a class just like the
>>one you provided without requiring that everyone uses it.
> 
> 
> Viewpoint one: configurability.
> 
> I agree, someone could write that same class. [...]

We could provide such a helper class that implements some policy along 
the lines of what your patch implements as a convenience to users, but I 
don't think that behaviour should be hardwired into the driver. It's not 
the place of the driver to make that sort of policy decision. It needs 
to be configurable, and the obvious place to do the configuration is to 
allow the user to provide their own SSLSocketFactory level, since that 
gives you complete freedom to customize whichever bits of the SSL 
handshake you want to.

So I suggest you look at solving the "how do I give the driver an 
appropriate SSLSocketFactory" problem first. Once that is solved, the 
particular configurable behaviour you want can be easily implemented.

-O

In response to

Responses

pgsql-jdbc by date

Next:From: Ulrich MeisDate: 2004-10-12 04:20:03
Subject: Re: A solution to the SSL customizing problem
Previous:From: Ulrich MeisDate: 2004-10-12 02:32:19
Subject: Re: A solution to the SSL customizing problem

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group