Re: SSL patch - Mailing list pgsql-jdbc
| From | Dave Cramer |
|---|---|
| Subject | Re: SSL patch |
| Date | |
| Msg-id | CADK3HHJfBE1GezYTrrEeSemKdfpUJAXigy9kg3Nq-ddOLD5D4w@mail.gmail.com Whole thread Raw |
| In response to | Re: SSL patch (Bodor András <bodri.mh3@gmail.com>) |
| Responses |
Re: SSL patch
|
| List | pgsql-jdbc |
Hi Bodor, Understood. So now all the tests are failing some due to unknown ca, others to certificate expired ? Dave Cramer dave.cramer(at)credativ(dot)ca http://www.credativ.ca On Thu, Nov 10, 2011 at 9:30 AM, Bodor András <bodri.mh3@gmail.com> wrote: > Dear Dave, > > The installation of sslinfo is only necessary for the unit tests, it is > not used at all in the driver itself. Obviously I wanted to test weather > we were actually using ssl, but it is not essential. It can be removed, > or an additional option can be introduced to ssltest.properties. > The relevant lines are in > org.postgresql.test.ssl.SslTest.driver(String connstr, Object[] > expected) > > There are a few things still to be done with this patch. > 1. the jdbc datasource interface was not modified at all, > so it is unaware of the new options, > 2. it should be decided, what is the expected behaviour of sslmode=allow > or prefer (they might be omitted completely), > 3. I have not tested certificate chains yet, > 4. when a client certificate is available, the v8 and v9 servers > behave differently (BUG #5468 is fixed in v9) so different unit test are > needed to check this, > 5. there is a list of options somewhere in the code, this should > be updated as well, > 6. documentation. > > Andras > > On Thu, Nov 10, 2011 at 2:56 PM, Dave Cramer <pg@fastcrypt.com> wrote: >> Andras, >> >> I'm looking at your patch attached to this link >> http://archives.postgresql.org/pgsql-jdbc/2011-08/msg00067.php right >> now. Thanks by the way! >> >> The only thing I'd like to pose to the list is the necessity for >> sslinfo to be installed in any database. I can envision some >> production environments which this may not be possible ? >> >> Dave Cramer >> >> dave.cramer(at)credativ(dot)ca >> http://www.credativ.ca >> >> >> >> >> On Thu, Sep 15, 2011 at 11:41 AM, Bodor Andras <bodri.mh3@gmail.com> wrote: >>> >>> Yes, it is also included in the patch >>> (package org.postgresql.test.ssl). It >>> tries to connect to a series of databases >>> with different ssl properties. The connection >>> strings are given in the ssltest.properties >>> file in the root of the distribution. Just >>> comment out the connstrings, that you don't >>> want to run. Also read the certdir/README >>> file. (build.xml is modified to run this test.) >>> Andras >>> >>> >>> Dave Cramer wrote: >>>> >>>> Hi Bodor, >>>> >>>> So do you have any test cases for this ? >>>> >>>> Dave Cramer >>>> >>>> dave.cramer(at)credativ(dot)ca >>>> http://www.credativ.ca >>>> >>>> >>>> >>>> >>>> 2011/9/13 Bodor Andras<bodri.mh3@gmail.com>: >>>>> >>>>> Hi! >>>>> >>>>> Can You make any use of my SSL patch sent in on the 23th of August? >>>>> Andras >>>>> >>>>> -- >>>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) >>>>> To make changes to your subscription: >>>>> http://www.postgresql.org/mailpref/pgsql-jdbc >>>>> >>>> >>> >>> >>> -- >>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) >>> To make changes to your subscription: >>> http://www.postgresql.org/mailpref/pgsql-jdbc >>> >> >
pgsql-jdbc by date: