Re: SSL patch - Mailing list pgsql-jdbc
| From | Bodor András |
|---|---|
| Subject | Re: SSL patch |
| Date | |
| Msg-id | CAFpnbPVHbyCuq8+McrYJBunuKjo4ern6Vi1cFHHCg57xthNbkA@mail.gmail.com Whole thread Raw |
| In response to | Re: SSL patch (Dave Cramer <pg@fastcrypt.com>) |
| List | pgsql-jdbc |
Can you send me some error log, and your database setup? On Thu, Nov 10, 2011 at 4:19 PM, Dave Cramer <pg@fastcrypt.com> wrote: > Hi Bodor, > > Understood. > > So now all the tests are failing some due to unknown ca, others to > certificate expired ? > > Dave Cramer > > dave.cramer(at)credativ(dot)ca > http://www.credativ.ca > > > > > On Thu, Nov 10, 2011 at 9:30 AM, Bodor András <bodri.mh3@gmail.com> wrote: >> Dear Dave, >> >> The installation of sslinfo is only necessary for the unit tests, it is >> not used at all in the driver itself. Obviously I wanted to test weather >> we were actually using ssl, but it is not essential. It can be removed, >> or an additional option can be introduced to ssltest.properties. >> The relevant lines are in >> org.postgresql.test.ssl.SslTest.driver(String connstr, Object[] >> expected) >> >> There are a few things still to be done with this patch. >> 1. the jdbc datasource interface was not modified at all, >> so it is unaware of the new options, >> 2. it should be decided, what is the expected behaviour of sslmode=allow >> or prefer (they might be omitted completely), >> 3. I have not tested certificate chains yet, >> 4. when a client certificate is available, the v8 and v9 servers >> behave differently (BUG #5468 is fixed in v9) so different unit test are >> needed to check this, >> 5. there is a list of options somewhere in the code, this should >> be updated as well, >> 6. documentation. >> >> Andras >> >> On Thu, Nov 10, 2011 at 2:56 PM, Dave Cramer <pg@fastcrypt.com> wrote: >>> Andras, >>> >>> I'm looking at your patch attached to this link >>> http://archives.postgresql.org/pgsql-jdbc/2011-08/msg00067.php right >>> now. Thanks by the way! >>> >>> The only thing I'd like to pose to the list is the necessity for >>> sslinfo to be installed in any database. I can envision some >>> production environments which this may not be possible ? >>> >>> Dave Cramer >>> >>> dave.cramer(at)credativ(dot)ca >>> http://www.credativ.ca >>> >>> >>> >>> >>> On Thu, Sep 15, 2011 at 11:41 AM, Bodor Andras <bodri.mh3@gmail.com> wrote: >>>> >>>> Yes, it is also included in the patch >>>> (package org.postgresql.test.ssl). It >>>> tries to connect to a series of databases >>>> with different ssl properties. The connection >>>> strings are given in the ssltest.properties >>>> file in the root of the distribution. Just >>>> comment out the connstrings, that you don't >>>> want to run. Also read the certdir/README >>>> file. (build.xml is modified to run this test.) >>>> Andras >>>> >>>> >>>> Dave Cramer wrote: >>>>> >>>>> Hi Bodor, >>>>> >>>>> So do you have any test cases for this ? >>>>> >>>>> Dave Cramer >>>>> >>>>> dave.cramer(at)credativ(dot)ca >>>>> http://www.credativ.ca >>>>> >>>>> >>>>> >>>>> >>>>> 2011/9/13 Bodor Andras<bodri.mh3@gmail.com>: >>>>>> >>>>>> Hi! >>>>>> >>>>>> Can You make any use of my SSL patch sent in on the 23th of August? >>>>>> Andras >>>>>> >>>>>> -- >>>>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) >>>>>> To make changes to your subscription: >>>>>> http://www.postgresql.org/mailpref/pgsql-jdbc >>>>>> >>>>> >>>> >>>> >>>> -- >>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) >>>> To make changes to your subscription: >>>> http://www.postgresql.org/mailpref/pgsql-jdbc >>>> >>> >> >
pgsql-jdbc by date: