Re: ssl connection issues

From: zloster <more(at)edno(dot)moe>
To: Dave Cramer <pg(at)fastcrypt(dot)com>, Gabriele Bulfon <gbulfon(at)sonicle(dot)com>
Cc: Alexander Kjäll <alexander(dot)kjall(at)gmail(dot)com>, pgsql-jdbc(at)lists(dot)postgresql(dot)org
Subject: Re: ssl connection issues
Date: 2018-09-19 07:21:03
Message-ID: 652173d1-71e1-68c1-54f5-958dc7a845e8@edno.moe
Lists: pgsql-jdbc

On 18.09.2018 18:27, Dave Cramer wrote:
>
> On Tue, 18 Sep 2018 at 11:23, Gabriele Bulfon
> <gbulfon(at)sonicle(dot)com> wrote:
>
> The only server cert known to me that is needed to the client is
> the root.crt (the ca cert) of the server used to sign the client cert.
> These three files are all that is needed to the odbc driver, to
> the native navicat dll connection, and to any other certs-based
> ssl connection such as openvpn.
> Actually the jdbc code is not complaining about the certs (if I
> remove any of them it will complain), something is going wrong
> during the ssl handshake that I cannot understand.
> Is there any way to log more stuff on the server postgres.log
> about the ssl handshake?
>
>
> I'm sure there is but I don't know how. The server is not my domain.
>
> Try connecting with psql. If you can connect with that then JDBC
> should be able to connect.
>
> Dave Cramer
>
> davec(at)postgresintl(dot)com
> www.postgresintl.com
>
Hi to all,
IMO it will be better to inspect the SSL/TLS handshake at the client -
the machine that is initiating the connection to the PostgreSQL server
through the JDBC driver.

Here are some links with the basic stuff about debugging the SSL/TLS
connections with the JVM:

1. https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https
   - this is an introduction document. It points to the following two
   pages. The first describes what debug tools are available and
   the second shows how to read the debug output:
   * https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
   * https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
2. https://access.redhat.com/solutions/973783 - same as the above but
   in Q&A style

I've used the debug output once - I needed to investigate why
communication with a test HTTPS endpoint was working from a browser but not
from a Java 8 program. After nearly one day of looking at the connection
logs the problem turned out to be in the certificate chain - the browser
was happy with the intermediate certificates, but the JVM was not.

Best regards,
zloster
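
Added example (not part of zloster's message and not pgjdbc project code): a minimal Java client that switches on the JSSE handshake trace described in the links above before opening the JDBC connection, then prints the exception cause chain so that a certificate-path failure is visible next to the trace. The host, database, user and file paths are placeholders chosen for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class PgTlsDebug {
    public static void main(String[] args) {
        // Same effect as starting the JVM with -Djavax.net.debug=ssl:handshake.
        // It has to be set before the first TLS connection is attempted,
        // because JSSE reads the property once when its classes initialise.
        System.setProperty("javax.net.debug", "ssl:handshake");

        // Placeholder values (assumptions): replace with the real endpoint.
        String url = "jdbc:postgresql://db.example.test:5432/appdb";

        Properties props = new Properties();
        props.setProperty("user", "appuser");
        props.setProperty("ssl", "true");
        // verify-ca: the server certificate must chain to sslrootcert.
        props.setProperty("sslmode", "verify-ca");
        props.setProperty("sslrootcert", "/path/to/root.crt");
        props.setProperty("sslcert", "/path/to/client.crt");
        // pgjdbc documents PKCS#8 DER as the format for this key file.
        props.setProperty("sslkey", "/path/to/client.pk8");

        try (Connection conn = DriverManager.getConnection(url, props)) {
            System.out.println("TLS handshake and login succeeded: "
                    + conn.getMetaData().getDatabaseProductVersion());
        } catch (SQLException e) {
            // The driver wraps the JSSE failure; walk the chain to reach the
            // SSLHandshakeException / CertPathValidatorException underneath.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.err.println(t.getClass().getName() + ": " + t.getMessage());
            }
            System.exit(1);
        }
    }
}
```

The handshake trace goes to standard output; compare the certificate chain the server sends in it against the innermost exception printed on standard error.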
