Re: SSL for JDBC - Mailing list pgsql-jdbc
From | Barry Lind |
---|---|
Subject | Re: SSL for JDBC |
Date | |
Msg-id | 3E53C1A4.505@xythos.com |
In response to | SSL for JDBC ("Takeo Shibata" <shibata@areabe.com>) |
Responses | Re: SSL for JDBC (Tarjei Skorgenes <tarjei.skorgenes@himolde.no>); Re: SSL for JDBC (Oliver Jowett <oliver@opencloud.com>) |
List | pgsql-jdbc |
Takeo,

There is more work necessary than what you have tried. Please look at the documentation for how the postgres server negotiates a connection with the client regarding ssl.

http://www.postgresql.org/docs/view.php?version=7.3&idoc=0&file=protocol-protocol.html#AEN54636

Basically, the connection is initiated with non-ssl and then converted to ssl later. I was just looking at the java ssl API and I don't see a way to do this in java. Does anyone more familiar with java ssl support know how you can convert a regular socket connection to ssl after you have created and used it?

thanks,
--Barry

Takeo Shibata wrote:
> Hi
>
> I try to connect to postgresql server by
> SSL via JDBC.
>
> But I always got an error. The handshake always fails.
>
> I create the SSL private key 'server.key' and self-signed certificate
> 'server.crt' by openssl,
> and configure postgresql to accept ssl.
>
> When I connect by psql like
>
> #psql -h 192.168.1.20 TestDB -u
> ---Output---------
> psql: Warning: The -u option is deprecated. Use -U.
> User name: testuser
> Password:testpass
> Welcome to psql, the PostgreSQL interactive terminal.
>
> Type:  \copyright for distribution terms
>        \h for help with SQL commands
>        \? for help on internal slash commands
>        \g or terminate with semicolon to execute query
>        \q to quit
>
> SSL connection (cipher: DES-CBC3-SHA, bits: 168)
> ----------------------
>
> So SSL connection is correctly set up in the postgresql server.
>
> Then, I modified the postgresql Driver, PG_Stream.java, and replaced the
> Socket by SSLSocket as following.
>
> ++++++++++++++++++++++++++++
> //connection = new Socket(host, port);
> SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
> connection = (SSLSocket) factory.createSocket(host,port);
> connection.startHandshake();
>
> ~~
> //private Socket connection
> private SSLSocket connection;
> +++++++++++++++++++++++++
>
> Then I add the certificate into the root CA to be trusted.
> keytool -import -storetype jks -keystore cacerts -file server.crt
> cacerts is in java_home/jre/lib/security/cacerts.
>
> But I still got the error.
>
> -->Exception: The connection attempt failed because Exception:
> javax.net.ssl.SSLException: Unrecognized SSL handshake.
> Stack Trace:
> javax.net.ssl.SSLException: Unrecognized SSL handshake.
>         at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
>         at java.io.OutputStream.write(OutputStream.java:58)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
>         at org.postgresql.PG_Stream.<init>(PG_Stream.java:32)
>         at org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:160)
>         at org.postgresql.Driver.connect(Driver.java:122)
>         at java.sql.DriverManager.getConnection(DriverManager.java:512)
>         at java.sql.DriverManager.getConnection(DriverManager.java:171)
>         at test.connectdb(test.java:47)
>
> I am wondering if anybody has successfully connected from JDBC to PostgreSQL
> by SSL.
> Please help me!
>
> Hopefully, an SSL-supported driver is coming soon!
> Thank you.
>
> Tak
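
Added example, not part of the original message and not code from the PostgreSQL JDBC driver: one way to perform the negotiation described above, sending the protocol's SSLRequest packet on a plain socket and then layering TLS over that same socket with `SSLSocketFactory.createSocket(Socket, String, int, boolean)`. The class name `PgSslUpgrade` and the default host and port in `main` are assumptions.

```java
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class PgSslUpgrade { // hypothetical class name
    // SSLRequest code defined by the PostgreSQL protocol: (1234 << 16) | 5679 = 80877103
    static final int SSL_REQUEST_CODE = (1234 << 16) | 5679;

    static SSLSocket connect(String host, int port) throws IOException {
        Socket plain = new Socket(host, port);   // the connection starts unencrypted
        try {
            DataOutputStream out = new DataOutputStream(plain.getOutputStream());
            out.writeInt(8);                     // packet length, counting itself
            out.writeInt(SSL_REQUEST_CODE);
            out.flush();

            // Read exactly one unbuffered byte: anything buffered past it would be
            // plaintext consumed outside the TLS session.
            int answer = plain.getInputStream().read();
            if (answer != 'S') {
                // 'N' means the server will not do SSL. Fail closed instead of
                // silently continuing in plaintext.
                throw new IOException("server did not accept SSL, answer byte " + answer);
            }
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            // Wrap the already-connected socket; autoClose=true closes it with the SSLSocket.
            SSLSocket ssl = (SSLSocket) factory.createSocket(plain, host, port, true);
            SSLParameters params = ssl.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // also check the certificate name
            ssl.setSSLParameters(params);
            ssl.startHandshake();                // chain is validated against the default trust store
            return ssl;
        } catch (IOException e) {
            plain.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        String host = args.length > 0 ? args[0] : "localhost";       // placeholder default
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 5432;
        try (SSLSocket s = connect(host, port)) {
            System.out.println("cipher suite: " + s.getSession().getCipherSuite());
        }
    }
}
```

With a self-signed `server.crt` imported into the trust store as in the quoted message, the handshake succeeds only if the certificate's name (or IP subject alternative name, when connecting by address) matches the host passed to `connect`.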