Re: ssl connection strangely stops working - Mailing list pgsql-jdbc

From Radosław Smogura
Subject Re: ssl connection strangely stops working
Date
Msg-id 201102050958.37104.rsmogura@softperience.eu
Whole thread Raw
In response to ssl connection strangely stops working  (zhong ming wu <mr.z.m.wu@gmail.com>)
Responses Re: ssl connection strangely stops working
List pgsql-jdbc
I don't think JDBC driver use custom SSL "validators" including host name and
certificate chains, if you don't specify one with socket factory. It lies on
this what is available in JVM. It's looks like in this way Sun SSL sockets
works.

May I ask what GF version do you use and did you specified trustore passwords
configuration in -D propperties?
I actually use GF and I was in need to configure truststores per JVM level (-
D) to use SSL sockets in (v3.1 releases). I don't like this soulution as it
require to provide clear text master password.


Kind regards,
Radosław Smogura
http://softperience.eu


zhong ming wu <mr.z.m.wu@gmail.com> Saturday 05 February 2011 03:50:37
> the problem was traced to server certificate expiration
>
> the problematic server cert is signed by a commercial CA.  i think
> problem is caused by jdbc not connecting to expired certificate
>
> however jdbc had not been checking that hostname is the same as CN  ;
> so i had assumed that i does no other checking.
>
> since psql was working it confused me even more. replacing with
> unexpired commercial certificate fixes the problem although this new
> cert CN does match the hostname.
>
> jdbc also does not like unexpired server cert signed by the company CA.
>
> good to learn something new.
>
> very sorry about the noise.
>
> On Fri, Feb 4, 2011 at 8:48 PM, zhong ming wu <mr.z.m.wu@gmail.com> wrote:
> > Dear List
> >
> > I am not a very experienced user of jdbc although have been using
> > postgresql for many years having done many server installation and
> > administering them.
> >
> > From three different systems (mac, windows, and centos virtualbox)
> > behind 1 ip address I had succeeded in getting ssl connection to a
> > remote server via jdbc.  (That after much struggle on centOS
> > glassfish; turns out i had to run
> >  "asadmin set
> > domain.resources.jdbc-connection-pool.connectionPool.property.JDBC30Data
> > Source=true" at glassfish account)
> >
> > On mac and windows the connection is set up via netbeans/glassfish.
> > All were working very well for about two weeks up until yesterday
> > evening.
> >
> > Today all three connections stop working for no apparent reason.  I
> > had not touched any settings on the postgresql server.
> >
> > In server log I only get this,
> >
> > LOG:  could not accept SSL connection: sslv3 alert certificate unknown
> >
> > Yes I googled this problem and find pages seemingly not relevant to my
> > problem.  I know I have ssl connection right because it was working
> > just 24 hours ago with no changes in server or client settings.
> >
> > Even weirder I can still connect to this server using psql from centOS
> > virtualbox.  See this
> > ------------------
> > /usr/local/pg/bin/psql -U mail -h server.address -p 5433 mail
> > Password for user mail:
> > psql (9.0.2)
> > SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> > Type "help" for help.
> >
> > mail=>
> > -----------
> >
> > Any suggestions?  Do I suddenly need to enter server ssl cert into
> > keystore of glassfish server now?  But I didn't need it before!
> >
> > Some webpages mention using property
> > sslfactory=org.postgresql.ssl.NonValidatingFactory
> >
> > That does not seem to help much.
> >
> > Thanks
> >
> > mr wu

pgsql-jdbc by date:

Previous
From: zhong ming wu
Date:
Subject: Re: ssl connection strangely stops working
Next
From: zhong ming wu
Date:
Subject: Re: ssl connection strangely stops working