Re: SSL patch

Hi Bodor,

Understood.

So now all the tests are failing some due to unknown ca, others to
certificate expired ?

Dave Cramer

dave.cramer(at)credativ(dot)ca
http://www.credativ.ca

On Thu, Nov 10, 2011 at 9:30 AM, Bodor András <bodri(dot)mh3(at)gmail(dot)com> wrote:
> Dear Dave,
>
> The installation of sslinfo is only necessary for the unit tests, it is
> not used at all in the driver itself. Obviously I wanted to test weather
> we were actually using ssl, but it is not essential. It can be removed,
> or an additional option can be introduced to ssltest.properties.
> The relevant lines are in
> org.postgresql.test.ssl.SslTest.driver(String connstr, Object[]
> expected)
>
> There are a few things still to be done with this patch.
> 1. the jdbc datasource interface was not modified at all,
> so it is unaware of the new options,
> 2. it should be decided, what is the expected behaviour of sslmode=allow
> or prefer (they might be omitted completely),
> 3. I have not tested certificate chains yet,
> 4. when a client certificate is available, the v8 and v9 servers
> behave differently (BUG #5468 is fixed in v9) so different unit test are
> needed to check this,
> 5. there is a list of options somewhere in the code, this should
> be updated as well,
> 6. documentation.
>
>           Andras
>
> On Thu, Nov 10, 2011 at 2:56 PM, Dave Cramer <pg(at)fastcrypt(dot)com> wrote:
>> Andras,
>>
>> I'm looking at your patch attached to this link
>> http://archives.postgresql.org/pgsql-jdbc/2011-08/msg00067.php right
>> now. Thanks by the way!
>>
>> The only thing I'd like to pose to the list is the necessity for
>> sslinfo to be installed in any database. I can envision some
>> production environments which this may not be possible ?
>>
>> Dave Cramer
>>
>> dave.cramer(at)credativ(dot)ca
>> http://www.credativ.ca
>>
>>
>>
>>
>> On Thu, Sep 15, 2011 at 11:41 AM, Bodor Andras <bodri(dot)mh3(at)gmail(dot)com> wrote:
>>>
>>>  Yes, it is also included in the patch
>>> (package org.postgresql.test.ssl). It
>>> tries to connect to a series of databases
>>> with different ssl properties. The connection
>>> strings are given in the ssltest.properties
>>> file in the root of the distribution. Just
>>> comment out the connstrings, that you don't
>>> want to run. Also read the certdir/README
>>> file. (build.xml is modified to run this test.)
>>>           Andras
>>>
>>>
>>> Dave Cramer wrote:
>>>>
>>>> Hi Bodor,
>>>>
>>>> So do you have any test cases for this ?
>>>>
>>>> Dave Cramer
>>>>
>>>> dave.cramer(at)credativ(dot)ca
>>>> http://www.credativ.ca
>>>>
>>>>
>>>>
>>>>
>>>> 2011/9/13 Bodor Andras<bodri(dot)mh3(at)gmail(dot)com>:
>>>>>
>>>>>  Hi!
>>>>>
>>>>>  Can You make any use of my SSL patch sent in on the 23th of August?
>>>>>           Andras
>>>>>
>>>>> --
>>>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc(at)postgresql(dot)org)
>>>>> To make changes to your subscription:
>>>>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>>>>
>>>>
>>>
>>>
>>> --
>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc(at)postgresql(dot)org)
>>> To make changes to your subscription:
>>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>>
>>
>