| From: | Vladimir Sitnikov <sitnikov(dot)vladimir(at)gmail(dot)com> |
|---|---|
| To: | "Campbell, Lance" <lance(at)illinois(dot)edu>, Dave Cramer <pg(at)fastcrypt(dot)com> |
| Cc: | "pgsql-jdbc(at)postgresql(dot)org" <pgsql-jdbc(at)postgresql(dot)org> |
| Subject: | Re: I am receiving an error |
| Date: | 2019-04-23 15:33:01 |
| Message-ID: | CAB=Je-E2ipL7QiJukUTmdT+2=Ubeac5h9R9LCUi426Q822qQvA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Does that mean we want to add more thorough explanation to the exception
message itself?
Of course we can't add URLs there (as they happen to change over time),
however we might do better exception-wize.
Should the default exception suggest to check hostname vs certificate?
E.g. something behind the words
>The connection URL specifies test.cname.illinois.edu:5432,
>however the server provided certificate for a different hostname:
> aws.postgresql.server.amazonaws.com. It means either the certificate is
invalid or the hostname in the connection URL must be different.
> pgjdbc aborts such connections in order to avoid man-in-the-middle
attacks.
> Please configure the proper certificate and/or use proper hostname in the
connection URL
> Hostname verification can be temporary disabled, however it would open
your service to man-in-the-middle attacks, so you probably don't want to
disable the verification.
WDYT?
Vladimir
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Cramer | 2019-04-23 15:34:40 | Re: I am receiving an error |
| Previous Message | Campbell, Lance | 2019-04-23 15:16:39 | Re: I am receiving an error |