From: | Radosław Smogura <rsmogura(at)softperience(dot)eu> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Cc: | zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com> |
Subject: | Re: ssl connection strangely stops working |
Date: | 2011-02-05 16:08:24 |
Message-ID: | 201102051708.24712.rsmogura@softperience.eu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com> Saturday 05 February 2011 15:31:30
> On Sat, Feb 5, 2011 at 3:58 AM, Radosław Smogura
>
> <rsmogura(at)softperience(dot)eu> wrote:
> > I don't think JDBC driver use custom SSL "validators" including host name
> > and certificate chains, if you don't specify one with socket factory. It
> > lies on this what is available in JVM. It's looks like in this way Sun
> > SSL sockets works.
I was asking because I was need to configure truststore password with -D
(realy unsecure, because ps -wwx will show it), to make GF to open LDAPS
connection - I have self signed cert.
> Very likely that the settings is in JVM. When I wrote above reply I
> made it work on Mac.
> GF is using JVM of Apple. I am still struggling to make it work on
> windows 7 which uses Oracle JVM.
I tested GF 3.1 on IBM JDK. I looked into sources, there are many many places
that depends on Sun JVM implementation and Sun JDK. I wrote few lines to make
this work, but hmmm... many places left.
> Also in my replied above I meant to write that there is still
> hostname/CN mismatch with new unexpired commercial CA.
>
I didn't found, at a glance any piece of code that adds custom cert or host
name validation in JDBC driver, it uses this what will get from system.
<snip>
Regards,
Radek
From | Date | Subject | |
---|---|---|---|
Next Message | John LH | 2011-02-05 16:21:47 | Re: JDBC CallableStatement bug on functions with return parameter |
Previous Message | Kevin Grittner | 2011-02-05 15:23:52 | Re: JDBC CallableStatement bug on functions with return parameter |