Re: A solution to the SSL customizing problem - Mailing list pgsql-jdbc

From Oliver Jowett
Subject Re: A solution to the SSL customizing problem
Date
Msg-id 4172C8C0.6030501@opencloud.com
Whole thread Raw
In response to Re: A solution to the SSL customizing problem  (Kris Jurka <books@ejurka.com>)
List pgsql-jdbc
Kris Jurka wrote:

> In the non-validating factory I have a SSLContext.getInstance("TLS"), but
> I've also seen it use "SSL".  Is either preferred or does it matter for
> pg?

http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#AppA
has a list of 'standard' protocol names. "TLS" supports the largest set
of protocols, I believe.

> I've been building the jdbc2ee jar files against the actual j2sdkee1.2.1,
> not just the jdbc optional package.  This includes support for
> javax.net.ssl.SSLSocketFactory, but not javax.net.ssl.SSLContext and
> associated classes which are in com.sun.net.ssl instead.  So at the moment
> I've modified the ssl requirements to not build ssl into this
> particular jar.  What do we want to do about this:
>
>  - nothing, the ee really meant datasource and was never meant to
>    include ssl
>  - make the existing ssl support work by not building the
>    NonValidingFactory class

Either of these look OK to me.

>  - make everything work by building the NonValidatingFactory by importing
>    from com.sun.net.ssl instead.

I think this is a bad idea, it'd break the build on non-Sun JDKs.

-O

pgsql-jdbc by date:

Previous
From: Kris Jurka
Date:
Subject: setBinaryStream can abandon connection
Next
From: Oliver Jowett
Date:
Subject: Re: setBinaryStream can abandon connection