Re: A solution to the SSL customizing problem

From: Oliver Jowett <oliver(at)opencloud(dot)com>
To: Ulrich Meis <kenobi(at)halifax(dot)rwth-aachen(dot)de>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: A solution to the SSL customizing problem
Date: 2004-10-12 04:34:04
Message-ID: 416B5EBC.6060507@opencloud.com
Lists: pgsql-jdbc

Ulrich Meis wrote:
> On Tuesday 12 October 2004 04:57, Oliver Jowett wrote:
> 
> 
>>So I suggest you look at solving the "how do I give the driver an
>>appropriate SSLSocketFactory" problem first. Once that is solved, the
>>particular configurable behaviour you want can be easily implemented.
> 
> 
> How about my suggestions with the abstract handler class?
> I know it was a long post ;-)

Namely:

> In the Driver class you offer a method(make it empty if compiled without SSL):
> 
> setPGSSLHandler(PGSSLHandler handler) {
>  pgsslhandler=handler;}
> 

> abstract class PGSSLHandler {
> 
> public static final int STANDARD=0;
> public static final int CUSTOMFACTORY=1;
> public static final int CUSTOMSTORE=2;
> 
> abstract public int getHandleType(int conid);
> abstract public boolean getTrustAndSave(int conid);
> 
> abstract public KeyStore getKeyStore(int conid);
> abstract public SSLSocketFactory getSSLSocketFactory(int conid);
> 
> }

How do you arrange for setPGSSLHandler to be called if you are in a 
managed environment that does not know anything about the postgresql 
driver beyond the standard JDBC interfaces?

The "conid" stuff looks really grotty. How do you coordinate the 
URL-level configuration with the PGSSLHandler implementation?

Why is anything but getSSLSocketFactory() needed? You can implement 
whatever keystore/truststore policy you want via an SSLSocketFactory.

The only new thing there is really the conid stuff, and I'd rather deal 
with classloader issues (specify the class by name, loaded by the 
driver) than have to deal with managing magic opaque unique 
configuration keys and a postgresql-specific interface.

-O
