Re: A solution to the SSL customizing problem

From: Ulrich Meis <kenobi(at)halifax(dot)rwth-aachen(dot)de>
To: Kris Jurka <books(at)ejurka(dot)com>
Cc: Oliver Jowett <oliver(at)opencloud(dot)com>, pgsql-jdbc(at)postgresql(dot)org
Subject: Re: A solution to the SSL customizing problem
Date: 2004-10-19 22:49:39
Message-ID: 200410200049.39716.kenobi@halifax.rwth-aachen.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

On Sunday 17 October 2004 14:07, Kris Jurka wrote:
> On Sat, 16 Oct 2004, Ulrich Meis wrote:
> > [here's a patch to customize ssl.]
>
> I've applied a modified version of this patch. I moved the Driver.makeSSL
> implementation into it's own class to not use @SSL@ everywhere. I renamed
> the sslfactoryargs to sslfactorarg because it really is one argument. If
> the user chooses to encode multiple arguments into it, that's really his
> own business. I put a NonValidatingFactory class in to demonstrate
> how this can work and provide the most requested functionality.

Thanks a lot!

> Questions:
>
> In the non-validating factory I have a SSLContext.getInstance("TLS"), but
> I've also seen it use "SSL". Is either preferred or does it matter for
> pg?

The JSSE docs say :

---
Like other JCA provider-based "engine" classes, SSLContext objects are created
using the getInstance factory methods of the SSLContext class. These static
methods each return an instance that implements at least the requested secure
socket protocol.
---

My guess is that the minimum requirement for pg is ssl (tls being its
successor). Hence, I would use getInstance("SSL") but I suppose most java
versions will support both anyway.

Uli

In response to

Browse pgsql-jdbc by date

  From Date Subject
Next Message Serguei Mokhov 2004-10-21 07:47:34 Translation updates: ru.po
Previous Message Oliver Jowett 2004-10-19 21:36:39 Re: Avoiding explicit addDataType calls for PostGIS