
Re: JDBC with SSL: msg#00286

db.postgresql.jdbc

Subject: Re: JDBC with SSL

That is exactly what we did Friday afternoon, and it works great.

Thanks,
John


----- Original Message -----
From: "Csaba Nagy" <nagy@xxxxxxxxxxxxxx>
To: "John Laban" <johnl@xxxxxxxxxx>
Cc: "Nagy Istvan" <nistvan@xxxxxxxxxxxxxx>; "Postgres JDBC" <pgsql-jdbc@xxxxxxxxxxxxxx>
Sent: Monday, March 31, 2003 3:29 AM
Subject: Re: [JDBC] JDBC with SSL


> The following piece of code did it for us (I've found it):
>
> static {
>     // add support for https and the like
>     System.setProperty("java.protocol.handler.pkgs",
>             "com.sun.net.ssl.internal.www.protocol");
>     Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
>     try {
>         SSLContext ctx = SSLContext.getInstance("TLS");
>         ctx.init(
>             null,
>             new TrustManager[] {
>                 new X509TrustManager() {
>                     public X509Certificate[] getAcceptedIssuers() {
>                         return new X509Certificate[0];
>                     }
>
>                     public boolean isClientTrusted(X509Certificate[] x509Certificates) {
>                         return true;
>                     }
>
>                     public boolean isServerTrusted(X509Certificate[] x509Certificates) {
>                         return true;
>                     }
>                 }
>             },
>             null
>         );
>
>         HTTPConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
>     } catch (Exception e) {
>         System.out.println("Failed to set SSL socket factory for HTTPClient. There might be problems with https.");
>     }
> }
>
> HTH,
> CSaba.
>
>
> On Fri, 2003-03-28 at 21:08, John Laban wrote:
> > Thanks for the tip, but sorry, no luck.
> >
> > As for us, we're going to try modifying the driver to use a custom
> > SSLSocketFactory that won't care about the authentication procedure.
> >
> > Thanks,
> > John Laban
> >
> >
> > ----- Original Message -----
> > From: "Nagy Istvan" <nistvan@xxxxxxxxxxxxxx>
> > To: "John Laban" <johnl@xxxxxxxxxx>
> > Cc: <pgsql-jdbc@xxxxxxxxxxxxxx>
> > Sent: Friday, March 28, 2003 2:07 PM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> > > Hi John,
> > >
> > > try this one (I hope it works)
> > >
> > > 1. open the certificate in a text editor
> > > 2. look for the line starting like this: ------ BEGIN CERTIFICATE ...
> > > 3. cut the closing section of the file (incl. the ---- BEGIN CERTIFICATE
> > > and ---- END CERTIFICATE lines) and copy it into the file cert2.crt
> > > 4. run: $ keytool -import -alias alias_name -file cert2.crt
> > > 5. answer all questions and say that you trust this cert
> > >
> > > If you were successful can you tell me about your config? I use jdk1.3.0_02
> > > and jsse (I know it is an old conf) and PG 7.3 and I receive an answer as
> > > follows: "FATAL: failed to initialize SSL connection: wrong version number".
> > > I see the next in the server's log file: "FATAL: failed to initialize SSL
> > > connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL error:
> > > Connection reset by peer"
> > >
> > > If I change the next line in the backend code:
> > > SSL_context=SSL_CTX_new(TLSv1_method()) to
> > > SSL_context=SSL_CTX_new(SSLv23_method()) and
> > > initialize the factory in the jdbc driver by using SSLv23 then
> > > everything is ok.
> > >
> > > why?
> > >
> > > regards / Istvan Nagy
> > >
> > > ----- Original Message -----
> > > From: John Laban <johnl@xxxxxxxxxx>
> > > To: Barry Lind <blind@xxxxxxxxxx>
> > > Cc: <pgsql-jdbc@xxxxxxxxxxxxxx>
> > > Sent: Friday, March 28, 2003 6:06 PM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > > > Hello again,
> > > >
> > > > I have made numerous attempts to import the certificate from the server to
> > > > the client machine using java keytool with no success - the keytool
> > > > complains that the file is not a valid X.509 format.
> > > >
> > > > Additionally, for my application, only the encryption of the channel is
> > > > important so if it is possible to create an ssl connection without the
> > > > authentication portion that would be the best solution.
> > > >
> > > >
> > > > However I would still appreciate any information on how to import the
> > > > certificate (as generated using the Postgresql documentation) into the java
> > > > certificate store.
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Barry Lind" <blind@xxxxxxxxxx>
> > > > To: "John Laban" <johnl@xxxxxxxxxx>
> > > > Cc: <pgsql-jdbc@xxxxxxxxxxxxxx>
> > > > Sent: Friday, March 28, 2003 11:11 AM
> > > > Subject: Re: [JDBC] JDBC with SSL
> > > >
> > > >
> > > > > John,
> > > > >
> > > > > The error message indicates that your client doesn't trust the server's
> > > > > certificate. My guess is that you are using a self-signed certificate
> > > > > on the server. If you want to be able to connect you are going to need
> > > > > to import that certificate into the client side java certificate store
> > > > > so that it recognizes the self-signed certificate as valid and trusted.
> > > > >
> > > > > thanks,
> > > > > --Barry
> > > > >
> > > > >
> > > > > John Laban wrote:
> > > > > > Thanks for the quick reply, but I'm still having some difficulty.
> > > > > >
> > > > > > I have been trying to connect to postgresql (redhat version 7.2.3.1) using
> > > > > > JDBC and SSL - I am using the 7.4 development driver.
> > > > > >
> > > > > > I know that the server side is set up correctly because when connecting
> > > > > > using psql the connection is established using SSL.
> > > > > >
> > > > > >
> > > > > > However when connecting via JDBC I receive
> > > > > >
> > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > > > > > ssl = true
> > > > > > compatible = 7.4
> > > > > > loglevel = 2
> > > > > > Asking server if it supports ssl
> > > > > > Server response was (S=Yes,N=No): S
> > > > > > server does support ssl
> > > > > > converting regular socket connection to ssl
> > > > > >
> > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:364)
> > > > > > at org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:269)
> > > > > > at org.postgresql.Driver.connect(Driver.java:137)
> > > > > > at java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > > > at java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > > > at docextractor.test.main(test.java:35)
> > > > > >
> > > > > > Exception: An I/O error has occured while flushing the output - Exception:
> > > > > > javax.net.ssl.SSLHandshakeException:
> > > > > > java.security.cert.CertificateException: Couldn't find trusted certificate
> > > > > >
> > > > > > Stack Trace:
> > > > > >
> > > > > > javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate
> > > > > > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > > > > > at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > > > > > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:360)
> > > > > > at org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:269)
> > > > > > at org.postgresql.Driver.connect(Driver.java:137)
> > > > > > at java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > > > at java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > > > at docextractor.test.main(test.java:35)
> > > > > > Caused by: java.security.cert.CertificateException: Couldn't find trusted certificate
> > > > > > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
> > > > > > at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
> > > > > > ... 15 more
> > > > > >
> > > > > > End of Stack Trace
> > > > > >
> > > > > > At the server side I get
> > > > > >
> > > > > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown (Success)
> > > > > >
> > > > > > I have not been able to find any clear resolutions to this problem. If
> > > > > > someone can shed some light on a solution to this problem it would be
> > > > > > greatly appreciated.
> > > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Barry Lind" <blind@xxxxxxxxxx>
> > > > > > To: "John Laban" <johnl@xxxxxxxxxx>
> > > > > > Cc: <pgsql-jdbc@xxxxxxxxxxxxxx>
> > > > > > Sent: Thursday, March 27, 2003 5:58 PM
> > > > > > Subject: Re: [JDBC] JDBC with SSL
> > > > > >
> > > > > >
> > > > > >
> > > > > >>John,
> > > > > >>
> > > > > >>This hasn't yet made it to the documentation.
> > > > > >>
> > > > > > >>but adding ?ssl to the url should be what you need. (also consider
> > > > > > >>using &loglevel=2 to turn on debugging info).
> > > > > > >>
> > > > > > >>--Barry
> > > > > > >>
> > > > > > >>John Laban wrote:
> > > > > > >>
> > > > > > >>>Hello,
> > > > > > >>>
> > > > > > >>>The newest development JDBC drivers (7.4dev, build 204, 2003-03-23) say
> > > > > > >>>they include support for SSL. I can set up the server to use SSL, but I
> > > > > > >>>can't seem to get the JDBC driver to actually connect using SSL. Is there
> > > > > > >>>any documentation on this? Or is there a specific parameter I am supposed
> > > > > > >>>to include in the connection URL?
> > > > > > >>>
> > > > > > >>>Any help in this would be appreciated.
> > > > > > >>>
> > > > > > >>>John Laban
> > > > > > >>>
> > > > > > >>
> > > > > > >>
> > > > > > >>---------------------------(end of broadcast)---------------------------
> > > > > >>TIP 5: Have you checked our extensive FAQ?
> > > > > >>
> > > > > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > > > > >
> > > > > >
> > > > > >
> > > > > > ---------------------------(end of
> > > broadcast)---------------------------
> > > > > > TIP 6: Have you searched our list archives?
> > > > > >
> > > > > > http://archives.postgresql.org
> > > > > >
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > broadcast)---------------------------
> > > > > TIP 6: Have you searched our list archives?
> > > > >
> > > > > http://archives.postgresql.org
> > > >
> > > >
> > > > ---------------------------(end of
broadcast)---------------------------
> > > > TIP 4: Don't 'kill -9' the postmaster
> > > >
> > >
> > >
> > > ---------------------------(end of
broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your
> > message can get through to the mailing list cleanly
> >
>


---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org
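
An added example, not code from this thread or from the PostgreSQL JDBC driver: where the thread's trust manager returns true for every certificate, the factory below trusts exactly one certificate, the server's self-signed one, read from a PEM file after dropping any text around the BEGIN/END CERTIFICATE block (the manual step suggested above for keytool). The class name, the keystore alias and the file path argument are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PinnedServerCert {
    static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    static final String END = "-----END CERTIFICATE-----";

    // Keep only the PEM block; text before or after it is dropped.
    static String pemBlock(String fileText) {
        int start = fileText.indexOf(BEGIN);
        int end = (start < 0) ? -1 : fileText.indexOf(END, start);
        if (end < 0) {
            throw new IllegalArgumentException("no PEM certificate block found");
        }
        return fileText.substring(start, end + END.length()) + "\n";
    }

    // Socket factory whose only trust anchor is the certificate in pemPath.
    static SSLSocketFactory factoryTrustingOnly(String pemPath) throws Exception {
        String text = new String(Files.readAllBytes(Paths.get(pemPath)),
                StandardCharsets.US_ASCII);
        Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(
                new ByteArrayInputStream(pemBlock(text).getBytes(StandardCharsets.US_ASCII)));
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // empty in-memory store, none of the default CAs
        trust.setCertificateEntry("postgres-server", cert); // alias is an assumed name

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the server certificate file (assumed, supplied by the caller)
        factoryTrustingOnly(args[0]); // throws if the file holds no parsable certificate
        System.out.println("SSL socket factory built; it trusts only " + args[0]);
    }
}
```

A handshake through this factory fails with an SSLHandshakeException when the server presents any other certificate, so the channel is both encrypted and authenticated without touching the JVM-wide certificate store.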


