Kris Jurka wrote:
>> Should I go ahead and write a patch against CVS HEAD, including
>> sslfactory? I guess I should write a patch or the documentation too
> Yes, please.
I have attached the patch, the documentation change is included.
I could not test if the documentation change is ok because I
cannot build the documentation
(I get a javax.xml.transform.TransformerException:
>> I believe that
>> SSL without certificate validation would be a good default
>> because this is the way it is done everywhere else in PostgreSQL.
> One of the ideas that Oliver had was to make the ssl parameter take a
> String value so you could say things like ssl=try or ssl=require or
> [...] We could do that and add ssl=validate or ssl=novalidate.
> That would make it easier for people to change the validation
> setting without getting into the details of sslfactory.
> I didn't think ssl=try was a real useful setting
> so resisted the idea at the time, but now that there are more
> interesting options perhaps we should give the idea another look.
The most intuitive setting for people used to libpq would be
ssl=disable/allow/prefer/require, with "prefer" or maybe "allow"
I think that certificate validation is orthogonal to that, it
can go with either of the above, so it had better be another property,
which means one might as well use "sslfactory" as it is now...
I will be on vacations from July 28 to August 10, so I cannot respond
during that time if there is a problem with my patch.
In response to
pgsql-jdbc by date
|Next:||From: Douglas Hammond||Date: 2007-07-25 15:02:21|
|Subject: defaultAutoCommit problem with glassfish|
|Previous:||From: Heikki Linnakangas||Date: 2007-07-25 09:54:43|
|Subject: Re: problem with date_trunc and jdbc|