Re: Query related to postgresql jdbc 42.2.5

No, this was done on purpose. Is there some reason why you cannot add
sslmode=verify-ca ?

Dave Cramer

davec(at)postgresintl(dot)com
www.postgresintl.com

On Wed, 24 Oct 2018 at 11:25, pradeep puppala <pradeep09puppala(at)gmail(dot)com>
wrote:

> Hi Dave
>
> I am using 42.2.5 postgresql JDBC version. Can we disable hostname
> verification feature introduced in this version(42.2.5)
>
> Best Regards
> Pradeep
>
> On Fri 19 Oct, 2018, 3:55 PM pradeep puppala, <pradeep09puppala(at)gmail(dot)com>
> wrote:
>
>> Hi Dave Cramer,
>>
>> It have added sslfactory=org.postgtesql.ssl.DefaultJavaSSLFactory in my
>> db connection url and it worked for me.
>>
>> Thanks a lot Dave 😁
>>
>> Best Regards
>> Pradeep
>>
>> On Fri 19 Oct, 2018, 3:19 PM Dave Cramer, <pg(at)fastcrypt(dot)com> wrote:
>>
>>> Hello,
>>>
>>> with just ssl=true the default is to use LibPQFactory which does not use
>>> the trust store at all.
>>>
>>> In order to use the trust store you must set sslfactory to a valid
>>> SSLFactory as per
>>> https://jdbc.postgresql.org/documentation/head/ssl-factory.html
>>> There is a simple org.postgresql.ssl.DefaultJavaSSLFactory provided
>>> which uses the default java SSLFactory.
>>>
>>> Regards,
>>> Dave Cramer
>>>
>>> davec(at)postgresintl(dot)com
>>> www.postgresintl.com
>>>
>>>
>>> On Fri, 19 Oct 2018 at 03:01, pradeep puppala <
>>> pradeep09puppala(at)gmail(dot)com> wrote:
>>>
>>>> Hi Dave Cramer,
>>>>
>>>> Thank you for the suggestion. I have seen the links you shared and made
>>>> some changes in my certificates and in my connection url.
>>>> Now I am getting error as below.
>>>>
>>>> main, handling exception: javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path validation failed:
>>>> java.security.cert.CertPathValidatorException: Path does not chain with any
>>>> of the trust anchors
>>>> org.postgresql.util.PSQLException: SSL error:
>>>> sun.security.validator.ValidatorException: PKIX path validation failed:
>>>> java.security.cert.CertPathValidatorException: Path does not chain with any
>>>> of the trust anchors
>>>>
>>>> Below are my db connection details
>>>>
>>>>
>>>> System.setProperty("javax.net.ssl.trustStore","/usr/java/jre1.7.0_25/lib/security/cacerts");
>>>>
>>>> System.setProperty("javax.net.ssl.trustStorePassword","changeit");
>>>>
>>>> System.setProperty("javax.net.ssl.keyStore","/home/.postgresql/client.keystore");
>>>>
>>>> System.setProperty("javax.net.ssl.keyStorePassword","changeit");
>>>> System.setProperty("javax.net.debug", "all");
>>>>
>>>> Properties props = new Properties();
>>>>
>>>> props.setProperty("user", "user1");
>>>> props.setProperty("password", "default");
>>>>
>>>> Class.forName("org.postgresql.Driver");
>>>>
>>>> //SSLContext.setDefault();
>>>> String url =
>>>> "jdbc:postgresql://localhost:5432/dbname?ssl=true";
>>>> Connection c = DriverManager.getConnection(url, props);
>>>>
>>>> I am using 42.2.5 jdbc postgresql jar for ssl db connection.
>>>> Can you help me with this error.
>>>>
>>>> Best Regards,
>>>> Pradeep
>>>>
>>>>
>>>> On Wed, Oct 17, 2018 at 3:45 AM Dave Cramer <pg(at)fastcrypt(dot)com> wrote:
>>>>
>>>>> or the release notes
>>>>>
>>>>> https://jdbc.postgresql.org/
>>>>>
>>>>> in 45.2.5 we changed the semantics you can add sslmode=prefer to not
>>>>> verify the cert.
>>>>>
>>>>> https://jdbc.postgresql.org/documentation/head/connect.html#connection-parameters
>>>>>
>>>>>
>>>>> Dave Cramer
>>>>>
>>>>> davec(at)postgresintl(dot)com
>>>>> www.postgresintl.com
>>>>>
>>>>>
>>>>> On Mon, 15 Oct 2018 at 22:38, rob stone <floriparob(at)gmail(dot)com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> On Mon, 2018-10-15 at 18:29 +0530, pradeep puppala wrote:
>>>>>> > Hi
>>>>>> >
>>>>>> > I am trying to connect to postgresql database with jdbc postgresql
>>>>>> > 42.2.5 with "ssl=true" but I am getting error as below.
>>>>>> >
>>>>>> > SSL error: sun.security.validator.ValidatorException: PKIX path
>>>>>> > building failed:
>>>>>> > sun.security.provider.certpath.SunCertPathBuilderException: unable
>>>>>> to
>>>>>> > find valid certification path to requested target.
>>>>>> >
>>>>>> > I am using self signed certificates and jre version is 1.7.0.151. I
>>>>>> > am struck here please help. Thanks in advance.
>>>>>> >
>>>>>> > Best regards
>>>>>> > Pradeep
>>>>>>
>>>>>> This post may provide some clues.
>>>>>>
>>>>>>
>>>>>> https://stackoverflow.com/questions/18378869/pkix-path-building-failed-in-java-application#24705398
>>>>>>
>>>>>> OR
>>>>>>
>>>>>>
>>>>>> https://stackoverflow.com/questions/18378869/pkix-path-building-failed-in-java-application#24705398
>>>>>>
>>>>>>
>>>>>> HTH,
>>>>>> Rob
>>>>>>
>>>>>>
>>>>>>
>>>>>>