From: | zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: ssl connection strangely stops working |
Date: | 2011-02-05 21:11:50 |
Message-ID: | AANLkTi=Bt7h61hKMqfSCCdzBUPoVJA0NqfvueMTuYwTu@mail.gmail.com |
Lists: | pgsql-jdbc |
On Sat, Feb 5, 2011 at 11:08 AM, Radosław Smogura
<rsmogura(at)softperience(dot)eu> wrote:
> I was asking because I needed to configure the truststore password with -D
> (really insecure, because ps -wwx will show it) to make GF open an LDAPS
> connection - I have a self-signed cert.
>
>> Very likely the setting is in the JVM. When I wrote the above reply I
>> made it work on Mac.
>> GF is using Apple's JVM. I am still struggling to make it work on
>> Windows 7, which uses the Oracle JVM.
> I tested GF 3.1 on IBM JDK. I looked into the sources; there are many, many places
> that depend on the Sun JVM implementation and Sun JDK. I wrote a few lines to make
> this work, but hmmm... many places left.
>
>> Also, in my reply above I meant to write that there is still a
>> hostname/CN mismatch with the new unexpired commercial CA.
>>
>
> I didn't find, at a glance, any piece of code that adds custom cert or host
> name validation in the JDBC driver; it uses what it gets from the system.
> <snip>
It's nice to know that all the problems can be traced to JVM settings.
FWIW, I ended up using
'sslfactory=org.postgresql.ssl.NonValidatingFactory' on Windows 7,
which I didn't need on Mac.
Have you looked into 'keytool'? That lets you manipulate the
certificates that the JVM relies on. What I am not sure of is whether one must
enter server certificates one by one into the JVM or whether one can enter
a CA.
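
Added example, not part of the original message or of the PostgreSQL JDBC project: a keytool sketch that imports a single CA certificate into a dedicated truststore, so server certificates issued by that CA validate without being imported one by one, and that passes the store password through the environment instead of the command line that `ps` displays. The file names, the alias and the `TRUSTSTORE_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example. File names, aliases and TRUSTSTORE_PASS are hypothetical.

# import_ca CA_PEM TRUSTSTORE ALIAS
# Imports one CA certificate as a trusted entry. Certificates issued by
# that CA then chain to it, so they need not be imported individually.
# The password is read from $TRUSTSTORE_PASS via -storepass:env, which
# keeps it out of the argument list shown by `ps -wwx`.
import_ca() {
    ca_pem=$1
    store=$2
    alias=$3
    [ -r "$ca_pem" ] || { echo "cannot read $ca_pem" >&2; return 2; }
    [ -n "${TRUSTSTORE_PASS:-}" ] || { echo "TRUSTSTORE_PASS not set" >&2; return 2; }
    export TRUSTSTORE_PASS
    keytool -importcert -noprompt -trustcacerts \
        -alias "$alias" -file "$ca_pem" \
        -keystore "$store" -storepass:env TRUSTSTORE_PASS
}

# has_alias TRUSTSTORE ALIAS
# Succeeds only if the store contains an entry under ALIAS.
has_alias() {
    keytool -list -keystore "$1" -alias "$2" \
        -storepass:env TRUSTSTORE_PASS >/dev/null 2>&1
}

# Typical use (paths are placeholders):
#   TRUSTSTORE_PASS=... import_ca ca.pem /path/to/truststore example-ca
# The JVM is then pointed at the store with
#   -Djavax.net.ssl.trustStore=/path/to/truststore
# which contains only a path, not a secret.
```

Hostname/CN checking is a separate step from chain validation, so a trusted CA does not by itself resolve a hostname/CN mismatch.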