| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | Andrew M <andrew(at)jibeya(dot)com>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL + SSL - sun.security.validator.ValidatorException |
| Date: | 2004-12-11 08:22:55 |
| Message-ID: | Pine.BSO.4.56.0412110318350.27632@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Sat, 11 Dec 2004, John R Pierce wrote:
> > It uses specific files relative to the user's $HOME directory. I don't
> > think this translates well into Java and I'm unsure what code would be
> > needed on the driver side to set this up. It would be great if someone
> > more Java+SSL knowledgeable could point us in the right direction here.
>
> if the jdbc driver is using J2SE 1.4 style SecureSockets, then the
> certificate store is in ${JAVA_HOME}/lib/security
> (%JAVA_HOME%\lib\security on Windows)
>
> there is a keytool command in J2SE to manipuate and generate these keys.
> http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
>
Right, we know how to handle verifying the server certificate against the
client keystore, that's pretty much all handled by java's SSL
implementation. The question is how do you do the reverse, providing the
client certificate to the server. For validating the server's cert java
can just loop through all available certs in the keystore and see if any
of them match. For sending a client cert on to the server there must be
some means of selecting one particular cert you want to send.
Kris Jurka
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew M | 2004-12-11 10:20:20 | Re: PostgreSQL + SSL - sun.security.validator.ValidatorException |
| Previous Message | John R Pierce | 2004-12-11 08:11:14 | Re: PostgreSQL + SSL - sun.security.validator.ValidatorException |