Re: SSL patch - Mailing list pgsql-jdbc

From Bodor András
Subject Re: SSL patch
Date
Msg-id CAFpnbPVv2kLWYeMEO7Ufas+JqAGPRDeoTmno=NqoJ82gaRdybw@mail.gmail.com
Whole thread Raw
In response to Re: SSL patch  (Dave Cramer <pg@fastcrypt.com>)
Responses Re: SSL patch
Re: SSL patch
List pgsql-jdbc
Dear Dave,

The installation of sslinfo is only necessary for the unit tests, it is
not used at all in the driver itself. Obviously I wanted to test weather
we were actually using ssl, but it is not essential. It can be removed,
or an additional option can be introduced to ssltest.properties.
The relevant lines are in
org.postgresql.test.ssl.SslTest.driver(String connstr, Object[]
expected)

There are a few things still to be done with this patch.
1. the jdbc datasource interface was not modified at all,
so it is unaware of the new options,
2. it should be decided, what is the expected behaviour of sslmode=allow
or prefer (they might be omitted completely),
3. I have not tested certificate chains yet,
4. when a client certificate is available, the v8 and v9 servers
behave differently (BUG #5468 is fixed in v9) so different unit test are
needed to check this,
5. there is a list of options somewhere in the code, this should
be updated as well,
6. documentation.

           Andras

On Thu, Nov 10, 2011 at 2:56 PM, Dave Cramer <pg@fastcrypt.com> wrote:
> Andras,
>
> I'm looking at your patch attached to this link
> http://archives.postgresql.org/pgsql-jdbc/2011-08/msg00067.php right
> now. Thanks by the way!
>
> The only thing I'd like to pose to the list is the necessity for
> sslinfo to be installed in any database. I can envision some
> production environments which this may not be possible ?
>
> Dave Cramer
>
> dave.cramer(at)credativ(dot)ca
> http://www.credativ.ca
>
>
>
>
> On Thu, Sep 15, 2011 at 11:41 AM, Bodor Andras <bodri.mh3@gmail.com> wrote:
>>
>>  Yes, it is also included in the patch
>> (package org.postgresql.test.ssl). It
>> tries to connect to a series of databases
>> with different ssl properties. The connection
>> strings are given in the ssltest.properties
>> file in the root of the distribution. Just
>> comment out the connstrings, that you don't
>> want to run. Also read the certdir/README
>> file. (build.xml is modified to run this test.)
>>           Andras
>>
>>
>> Dave Cramer wrote:
>>>
>>> Hi Bodor,
>>>
>>> So do you have any test cases for this ?
>>>
>>> Dave Cramer
>>>
>>> dave.cramer(at)credativ(dot)ca
>>> http://www.credativ.ca
>>>
>>>
>>>
>>>
>>> 2011/9/13 Bodor Andras<bodri.mh3@gmail.com>:
>>>>
>>>>  Hi!
>>>>
>>>>  Can You make any use of my SSL patch sent in on the 23th of August?
>>>>           Andras
>>>>
>>>> --
>>>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
>>>> To make changes to your subscription:
>>>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>>>
>>>
>>
>>
>> --
>> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
>> To make changes to your subscription:
>> http://www.postgresql.org/mailpref/pgsql-jdbc
>>
>

pgsql-jdbc by date:

Previous
From: Dave Cramer
Date:
Subject: Re: SSL patch
Next
From: Magosányi Árpád
Date:
Subject: Re: SSL patch