Re: Supporting Subject Alternative Names for SSL connections on pgJDBC

Hi

Thanks for the patch! I will look at this.

Dave Cramer

davec(at)postgresintl(dot)com
www.postgresintl.com

On 3 February 2017 at 00:47, Higuchi, Daisuke <
higuchi(dot)daisuke(at)jp(dot)fujitsu(dot)com> wrote:

> Hello
>
> I re-issue old discussions about "Subject Alternative Names (SANs)".
> PostgreSQL can check SANs now [1], so pgJDBC should support this feature
> too, I think.
> Seeing past activity about SANs, I found the patch is contributed by Bruno
> [2] but no committed.
> I want to know developer's opinion about supporting SANs on pgJDBC.
>
> This feature is useful when failover is occurred.
> If failover is occurred, a single DNS name may point to different hosts
> after failover.
> Certainly we can use wildcards in the server common name, but this does
> not work if hosts name are complexed.
> On other words, common name "*.db.example.com" only works for names like "
> master.db.example.com", "slave.db.example.com",
> but not for the "example.com" and "db-master.example.com" and "
> db-slave.example.com" or other more complex naming schemas.
>
> I attached the initial patch (does not include unit test now), this is
> extracted from the patch created by Bruno and fixed a little.
>
> [1] https://www.postgresql.org/docs/current/static/libpq-ssl.html
> [2] https://www.postgresql.org/message-id/ja1a2v%24p2e%241%
> 40dough.gmane.org
>
> Regards,
> Daisuke, Higuchi
>
>
>
> --
> Sent via pgsql-jdbc mailing list (pgsql-jdbc(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-jdbc
>
>