On Thu, 13 Nov 2008, Magnus Hagander wrote:
> 1) It is my understanding that the JDBC driver will do certificate
> validation of the servers certificate by default. Can someone confirm
> this?
Yes, by default the server cert is validated. An option is provided to
not validate it if desired. [1]
> 2) Does the JDBC driver support client certificates, and if so, how?
> This *should* require no changes to work with the client certificate
> authentication method I'm hoping to get into 8.4, but it would be good
> to test that :-) And if it's not supported now, how much work would it
> be to add support for it?
>
Currently client certificates are not supported. Two patches have been
posted to make this work [2], but I haven't really looked at either of
them.
Kris Jurka
[1] http://jdbc.postgresql.org/documentation/83/ssl-client.html#nonvalidating
[2] http://pgfoundry.org/tracker/index.php?func=detail&aid=1010293&group_id=1000224&atid=856
