While testing PostgreSQL JDBC java client to connect to the PG 9.2.1
database server using SSL.
we got the following behavior.
The test steps as below:
url = "jdbc:postgresql://" + "10.145.98.227" + ':'
+ "8707" + '/'
+ "POSTGRES";
Properties props = new Properties();
props.setProperty("user", "CLIENT");
props.setProperty("password", "1234@QWER");
props.setProperty("ssl", "true");
System.setProperty("javax.net.ssl.trustStore", "193store");
System.setProperty("javax.net.ssl.keyStore", "193client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");
/*Begin the first ssl connection*/
conn1 = DriverManager.getConnection(url, props);
System.out.println("Connection1 successful!");
System.setProperty("javax.net.ssl.trustStore", "193store");
System.setProperty("javax.net.ssl.keyStore", "193client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");
/*Begin the second ssl connection*/
conn2 = DriverManager.getConnection(url, props);
System.out.println("Connection2 successful!");
Before first connection we set
"System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");" qwerty is
the right password
and before second SSL connection we set
"System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");"
wrongpassword is the wrong password.
we expect the first SSL connection will be successful and second failed
because of wrong password, but actually we get two successful SSL
connections.
We found that if the first SSL connections password set right, all the
following SSL connections are fine ,even set wrong keystroke password.
1. Is this a defect about JDBC?
2. Is it SSL behavior to authenticate only once?
3. Is it system property behavior can be set only once.
4. Is it because of any other problems?
please give your suggestions?
Regards,
Hari babu.