Thread: Connection to PgSQL does not use SSL with JDBC driver 9.4 if the parameter is passed through Properties rather than URL
Connection to PgSQL does not use SSL with JDBC driver 9.4 if the parameter is passed through Properties rather than URL
Greetings,
I found an issue with JDBC driver postgresql-9.4.1207.jre7 involving SSL connections.
First the context. In order to enforce TLSv1.2 connection, i extend the PostgreSQL driver in order to set properties by default :
public class SecurePostgresqlDriver extends Driver {
@Override
public Connection connect(String url, Properties info) throws SQLException {
info.setProperty(PGProperty.SSL.getName(), "true");
info.setProperty(PGProperty.SSL_FACTORY.getName(), SecurePostgresqlSocketFactory.class.getCanonicalName());
return super.connect(url, info);
}
}
But this leads me to an exception:
org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "xxx", database "xxx", SSL off
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:427)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:203)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:65)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:159)
at org.postgresql.Driver.makeConnection(Driver.java:415)
at org.postgresql.Driver.connect(Driver.java:283)
at SecurePostgresqlDriver.connect(SecurePostgresqlDriver.java:21)
For the note, using the default org.postgresql.Driver class and adding "?ssl=true&sslfactory=SecurePostgresqlSocketFactory" at the end of the URL works.
I did a little debbuging, and this is what i found.
- org.postgresql.Driver.connect(String, Properties) calls the parseURL(String, Properties) method at line 264, which creates a new Properties instance with the paramater one as default (Driver :537)
- This new instance overrides the original one on this same line. So from now on my SSL and SSL_FACTORY are default properties of the current one. If the parameters were passed through URL, they would be actual properties rather than default ones.
- This instance is passed to the PgConnection, which passes it to the ConnectionFactory, which passes it to the ConnectionFactoryImpl.
- org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(HostSpec[], String, String, Properties, Logger) checks the SSL property at line 74 by calling PGProperty.isPresent(Properties)
- org.postgresql.PGProperty.isPresent(Properties) calls the getSetString(Properties) method at line 468, but this method does not check default properties.
- My SSL and SSL_FACTORY properties are ignored since they are default ones, and thus a non-SSL connection is opened.
Hence i have two questions :
- Do SSL and SSL_FACTORY properties have to be passed through URL ?
- If not, can you please patch this ? J
Best regards,
Matthieu SANCHEZ
Re: Connection to PgSQL does not use SSL with JDBC driver 9.4 if the parameter is passed through Properties rather than URL
Hi, This sounds like a bug. Can you file a PR? Vladimir
Re: Connection to PgSQL does not use SSL with JDBC driver 9.4 if the parameter is passed through Properties rather than URL
On 15/01/16 10:24, Vladimir Sitnikov wrote: > Hi, > > This sounds like a bug. > Can you file a PR? > Vladimir > > Hi, Take a look at this PR [1]. It fixed a regression released in 1205 release. The PR solved the problem of API calls to Driver.setLogLevel(int) not getting overwritten by a default value being loaded in PgConnection at line 187 [2]. It's good this has been raised though and a PR necessary to fix. The change could go here [3] to adapt to the semantic change of isPresent method. Now it does not fall back to the default. Jeremy [1] https://github.com/pgjdbc/pgjdbc/pull/438 [2] https://github.com/pgjdbc/pgjdbc/blob/master/pgjdbc/src/main/java/org/postgresql/jdbc/PgConnection.java#L187 [3] https://github.com/pgjdbc/pgjdbc/blob/master/pgjdbc/src/main/java/org/postgresql/core/v3/ConnectionFactoryImpl.java#L79
Re: Connection to PgSQL does not use SSL with JDBC driver 9.4 if the parameter is passed through Properties rather than URL
I forgot the mailing in my answers to Vladimir. I'm new to bug reporting and Github, so for the time being i can only file an issue: https://github.com/pgjdbc/pgjdbc/issues/492 Matthieu.