Postgres Pro
Downloads
Home   >   mailing lists

Re: JDBC connection test with SSL on PG 9.2.1 server - Mailing list pgsql-jdbc

From Dave Cramer
Subject Re: JDBC connection test with SSL on PG 9.2.1 server
Date
Msg-id CADK3HHLO-eup0et0nh85sZ=urfhsa=pqqGr8xJ+GpRZGBAC9+A@mail.gmail.com
Whole thread Raw
In response to JDBC connection test with SSL on PG 9.2.1 server  (Hari Babu <haribabu.kommi@huawei.com>)
Responses Re: JDBC connection test with SSL on PG 9.2.1 server
List pgsql-jdbc
Tree view
Hari,

JDBC uses java's SSL infrastructure, as such I don't think it's a defect in JDBC. It could be because your truststore does not require a password.



Dave Cramer

dave.cramer(at)credativ(dot)ca
http://www.credativ.ca


On Mon, Jan 28, 2013 at 9:03 AM, Hari Babu <haribabu.kommi@huawei.com> wrote:
While testing PostgreSQL JDBC java client to connect to the PG 9.2.1
database server using SSL.
we got the following behavior.

The test steps as below:

url = "jdbc:postgresql://" + "10.145.98.227" + ':'
            + "8707" + '/'
            + "POSTGRES";
    Properties props = new Properties();
    props.setProperty("user", "CLIENT");
    props.setProperty("password", "1234@QWER");
    props.setProperty("ssl", "true");

      System.setProperty("javax.net.ssl.trustStore", "193store");
      System.setProperty("javax.net.ssl.keyStore", "193client.jks");
      System.setProperty("javax.net.ssl.trustStorePassword", "qwerty");
    System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");

    /*Begin the first ssl connection*/
    conn1 = DriverManager.getConnection(url, props);
    System.out.println("Connection1 successful!");


      System.setProperty("javax.net.ssl.trustStore", "193store");
      System.setProperty("javax.net.ssl.keyStore", "193client.jks");
      System.setProperty("javax.net.ssl.trustStorePassword", "qwerty");
    System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");

    /*Begin the second ssl connection*/
    conn2 = DriverManager.getConnection(url, props);
    System.out.println("Connection2 successful!");

Before first connection we set
"System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");" qwerty is
the right password
and before second SSL connection we set
"System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");"
wrongpassword is the wrong password.

we expect  the first SSL connection will be successful and second failed
because of wrong password, but actually we get two successful SSL
connections.
We found that  if the first SSL connections password set right, all the
following SSL connections are fine ,even set wrong keystroke password.

1. Is this a defect about JDBC?
2. Is it SSL behavior to authenticate only once?
3. Is it system property behavior can be set only once.
4. Is it because of any other problems?

please give your suggestions?

Regards,
Hari babu.



--
Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-jdbc

pgsql-jdbc by date:

Previous
From: Hari Babu
Date:
Subject: JDBC connection test with SSL on PG 9.2.1 server
Next
From: Nathaniel Waisbrot
Date:
Subject: Bug report: NullPointerException from Driver.connect when passed a Properties with non-string values