| From: | Dave Cramer <pg(at)fastcrypt(dot)com> |
|---|---|
| To: | Vladimir Sitnikov <sitnikov(dot)vladimir(at)gmail(dot)com> |
| Cc: | "Campbell, Lance" <lance(at)illinois(dot)edu>, "pgsql-jdbc(at)postgresql(dot)org" <pgsql-jdbc(at)postgresql(dot)org> |
| Subject: | Re: I am receiving an error |
| Date: | 2019-04-23 15:34:40 |
| Message-ID: | CADK3HHJ6v+OVB_uvHJ6LHQtCKuAjmkezPaW9cQ88Nzo477soeQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Tue, 23 Apr 2019 at 11:33, Vladimir Sitnikov <sitnikov(dot)vladimir(at)gmail(dot)com>
wrote:
> Does that mean we want to add more thorough explanation to the exception
> message itself?
>
> Of course we can't add URLs there (as they happen to change over time),
> however we might do better exception-wize.
>
> Should the default exception suggest to check hostname vs certificate?
> E.g. something behind the words
>
> >The connection URL specifies test.cname.illinois.edu:5432,
> >however the server provided certificate for a different hostname:
> > aws.postgresql.server.amazonaws.com. It means either the certificate is
> invalid or the hostname in the connection URL must be different.
> > pgjdbc aborts such connections in order to avoid man-in-the-middle
> attacks.
> > Please configure the proper certificate and/or use proper hostname in
> the connection URL
> > Hostname verification can be temporary disabled, however it would open
> your service to man-in-the-middle attacks, so you probably don't want to
> disable the verification.
>
> WDYT?
>
> Vladimir
>
I suppose that makes sense.
Dave Cramer
davec(at)postgresintl(dot)com
www.postgresintl.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Cramer | 2019-04-25 15:56:48 | [pgjdbc/pgjdbc] 95ba7b: Update backend_protocol_v4_wanted_features.md |
| Previous Message | Vladimir Sitnikov | 2019-04-23 15:33:01 | Re: I am receiving an error |