Re: SSL patch - Mailing list pgsql-jdbc

From Bodor András
Subject Re: SSL patch
Date
Msg-id CAFpnbPVHbyCuq8+McrYJBunuKjo4ern6Vi1cFHHCg57xthNbkA@mail.gmail.com
Whole thread Raw
In response to Re: SSL patch  (Dave Cramer <pg@fastcrypt.com>)
List pgsql-jdbc
Can you send me some error log, and your database setup?

On Thu, Nov 10, 2011 at 4:19 PM, Dave Cramer <pg@fastcrypt.com> wrote:
> Hi Bodor,
>
> Understood.
>
> So now all the tests are failing some due to unknown ca, others to
> certificate expired ?
>
> Dave Cramer
>
> dave.cramer(at)credativ(dot)ca
> http://www.credativ.ca
>
>
>
>
> On Thu, Nov 10, 2011 at 9:30 AM, Bodor András <bodri.mh3@gmail.com> wrote:
>> Dear Dave,
>>
>> The installation of sslinfo is only necessary for the unit tests, it is
>> not used at all in the driver itself. Obviously I wanted to test weather
>> we were actually using ssl, but it is not essential. It can be removed,
>> or an additional option can be introduced to ssltest.properties.
>> The relevant lines are in
>> org.postgresql.test.ssl.SslTest.driver(String connstr, Object[]
>> expected)
>>
>> There are a few things still to be done with this patch.
>> 1. the jdbc datasource interface was not modified at all,
>> so it is unaware of the new options,
>> 2. it should be decided, what is the expected behaviour of sslmode=allow
>> or prefer (they might be omitted completely),
>> 3. I have not tested certificate chains yet,
>> 4. when a client certificate is available, the v8 and v9 servers
>> behave differently (BUG #5468 is fixed in v9) so different unit test are
>> needed to check this,
>> 5. there is a list of options somewhere in the code, this should
>> be updated as well,
>> 6. documentation.
>>
>>           Andras
>>
>> On Thu, Nov 10, 2011 at 2:56 PM, Dave Cramer <pg@fastcrypt.com> wrote:
>>> Andras,
>>>
>>> I'm looking at your patch attached to this link
>>> http://archives.postgresql.org/pgsql-jdbc/2011-08/msg00067.php right
>>> now. Thanks by the way!
>>>
>>> The only thing I'd like to pose to the list is the necessity for
>>> sslinfo to be installed in any database. I can envision some
>>> production environments which this may not be possible ?
>>>
>>> Dave Cramer
>>>
>>> dave.cramer(at)credativ(dot)ca
>>> http://www.credativ.ca
>>>
>>>
>>>
>>>
>>> On Thu, Sep 15, 2011 at 11:41 AM, Bodor Andras <bodri.mh3@gmail.com> wrote:
>>>>
>>>>  Yes, it is also included in the patch
>>>> (package org.postgresql.test.ssl). It
>>>> tries to connect to a series of databases
>>>> with different ssl properties. The connection
>>>> strings are given in the ssltest.properties
>>>> file in the root of the distribution. Just
>>>> comment out the connstrings, that you don't
>>>> want to run. Also read the certdir/README
>>>> file. (build.xml is modified to run this test.)
>>>>           Andras
>>>>
>>>>
>>>> Dave Cramer wrote:
>>>>>
>>>>> Hi Bodor,
>>>>>
>>>>> So do you have any test cases for this ?
>>>>>
>>>>> Dave Cramer
>>>>>
>>>>> dave.cramer(at)credativ(dot)ca
>>>>> http://www.credativ.ca
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> 2011/9/13 Bodor Andras<bodri.mh3@gmail.com>:
>>>>>>
>>>>>>  Hi!
>>>>>>
>>>>>>  Can You make any use of my SSL patch sent in on the 23th of August?
>>>>>>           Andras
>>>>>>
>>>>>> --
>>>>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
>>>>>> To make changes to your subscription:
>>>>>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
>>>> To make changes to your subscription:
>>>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>>>
>>>
>>
>

pgsql-jdbc by date:

Previous
From: Bruno Harbulot
Date:
Subject: Re: SSL patch
Next
From: Bodor András
Date:
Subject: Re: SSL patch