Re: Customizing SSL with jdbc

On Tue, 7 Sep 2004, chinmoy wrote:

> Hi
> I am using the jdbc driver for postgresql 7.4.5. I would like it to
> use a custom SSLSocketFactory. It seems like the Driver uses the
> javax.net.ssl.SSLSocketFactory.getDefault() method to create a socket
> factory. Other than compiling the Driver with a different class, is
> there any other way of doing this? For eg would it be worthwhile to
> provide a method in the org.postgresql.Driver class that lets one set
> the class that would then be aksed in the makeSSL method to create the
> SSLSocketFactory instance.?
> Chinmoy
>

There was some discussion of this, notably to provide a ssl connection
without adding the servers certificate to the jvm's trust store (which can
be a pain). Recently Oliver had proposed adjusting our ssl url parameter
to add some more options like request vs. require to use ssl if available.
I had considered adding a noauth or similar option to try and meet these
requirements. What's special about your SSLSocketFactory? Is it
something others would be interested in as a generally useful thing or
something very specific?

The problem with adding a call to org.postgresql.Driver is that it must
use a static variable that affects all connections. It would be better to
use a url parameter somehow. See the discussions here:

http://archives.postgresql.org/pgsql-jdbc/2004-02/msg00184.php

http://archives.postgresql.org/pgsql-jdbc/2004-02/msg00199.php

Kris Jurka