Re: ssl connection issues

On 14 September 2018 at 18:20, Dave Cramer <pg(at)fastcrypt(dot)com> wrote:

>
>
>
> On Thu, 13 Sep 2018 at 11:10, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
>
>> On 13 September 2018 at 20:23, Gabriele Bulfon <gbulfon(at)sonicle(dot)com>
>> wrote:
>>
>>> Hello,
>>>
>>> I recently configured Postgresql 9.0.9 with SSL only "on" and all its
>>> needed server certificates.
>>> I then created the client certificates and started working with them
>>> from a windows client.
>>>
>>> At first I used them with tools like Navicat, just specified the 3 certs
>>> files (key,crt and root.crt) in the ssl pane, worked fine.
>>>
>>> Then I tried with ODBC, placed the files in %APPDATA%/postgresql with
>>> correct names (postgresql.key, postgresql.crt, root.crt), created the
>>> connection and tested it, worked fine.
>>>
>>> Last I tried with jdbc, thinking it would have been so easy: I'm
>>> fighting for 2 days with lots of different issues.
>>> After some messing, I also finally discovered that, different from odbc,
>>> it would look for a pk8 file (why this difference?).
>>>
>>
>> AFAIK it's largely historical, and due to now-lifted limitations in JSSE.
>>
>> You should probably use sslfactory=org.postgresql.ssl.LibPQFactory and
>> possibly specify explicit paths for the sslcert and sslkey parameters.
>>
>> This seems to be undocumented, unfortunately.
>>
>
> the default is LibPQFactory and it is fairly well documented.
>
> https://jdbc.postgresql.org/documentation/head/connect.
> html#connection-parameters
>
>
Nope, apparently the only problem is my reading ability. Sorry.

That does make me wonder why Gabriele is having this issue though.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services