From: | Dave Cramer <pg(at)fastcrypt(dot)com> |
---|---|
To: | Bodor András <bodri(dot)mh3(at)gmail(dot)com> |
Cc: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: SSL patch |
Date: | 2011-11-10 15:19:32 |
Message-ID: | CADK3HHJfBE1GezYTrrEeSemKdfpUJAXigy9kg3Nq-ddOLD5D4w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Hi Bodor,
Understood.
So now all the tests are failing some due to unknown ca, others to
certificate expired ?
Dave Cramer
dave.cramer(at)credativ(dot)ca
http://www.credativ.ca
On Thu, Nov 10, 2011 at 9:30 AM, Bodor András <bodri(dot)mh3(at)gmail(dot)com> wrote:
> Dear Dave,
>
> The installation of sslinfo is only necessary for the unit tests, it is
> not used at all in the driver itself. Obviously I wanted to test weather
> we were actually using ssl, but it is not essential. It can be removed,
> or an additional option can be introduced to ssltest.properties.
> The relevant lines are in
> org.postgresql.test.ssl.SslTest.driver(String connstr, Object[]
> expected)
>
> There are a few things still to be done with this patch.
> 1. the jdbc datasource interface was not modified at all,
> so it is unaware of the new options,
> 2. it should be decided, what is the expected behaviour of sslmode=allow
> or prefer (they might be omitted completely),
> 3. I have not tested certificate chains yet,
> 4. when a client certificate is available, the v8 and v9 servers
> behave differently (BUG #5468 is fixed in v9) so different unit test are
> needed to check this,
> 5. there is a list of options somewhere in the code, this should
> be updated as well,
> 6. documentation.
>
> Andras
>
> On Thu, Nov 10, 2011 at 2:56 PM, Dave Cramer <pg(at)fastcrypt(dot)com> wrote:
>> Andras,
>>
>> I'm looking at your patch attached to this link
>> http://archives.postgresql.org/pgsql-jdbc/2011-08/msg00067.php right
>> now. Thanks by the way!
>>
>> The only thing I'd like to pose to the list is the necessity for
>> sslinfo to be installed in any database. I can envision some
>> production environments which this may not be possible ?
>>
>> Dave Cramer
>>
>> dave.cramer(at)credativ(dot)ca
>> http://www.credativ.ca
>>
>>
>>
>>
>> On Thu, Sep 15, 2011 at 11:41 AM, Bodor Andras <bodri(dot)mh3(at)gmail(dot)com> wrote:
>>>
>>> Yes, it is also included in the patch
>>> (package org.postgresql.test.ssl). It
>>> tries to connect to a series of databases
>>> with different ssl properties. The connection
>>> strings are given in the ssltest.properties
>>> file in the root of the distribution. Just
>>> comment out the connstrings, that you don't
>>> want to run. Also read the certdir/README
>>> file. (build.xml is modified to run this test.)
>>> Andras
>>>
>>>
>>> Dave Cramer wrote:
>>>>
>>>> Hi Bodor,
>>>>
>>>> So do you have any test cases for this ?
>>>>
>>>> Dave Cramer
>>>>
>>>> dave.cramer(at)credativ(dot)ca
>>>> http://www.credativ.ca
>>>>
>>>>
>>>>
>>>>
>>>> 2011/9/13 Bodor Andras<bodri(dot)mh3(at)gmail(dot)com>:
>>>>>
>>>>> Hi!
>>>>>
>>>>> Can You make any use of my SSL patch sent in on the 23th of August?
>>>>> Andras
>>>>>
>>>>> --
>>>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc(at)postgresql(dot)org)
>>>>> To make changes to your subscription:
>>>>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>>>>
>>>>
>>>
>>>
>>> --
>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc(at)postgresql(dot)org)
>>> To make changes to your subscription:
>>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>>
>>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Bodor András | 2011-11-10 15:45:16 | Re: SSL patch |
Previous Message | Tom Lane | 2011-11-10 15:10:23 | Re: parameterized query much much slower than one with hard-coded string |