zhong ming wu <mr.z.m.wu@gmail.com> Saturday 05 February 2011 15:31:30
> On Sat, Feb 5, 2011 at 3:58 AM, Radosław Smogura
>
> <rsmogura@softperience.eu> wrote:
> > I don't think JDBC driver use custom SSL "validators" including host name
> > and certificate chains, if you don't specify one with socket factory. It
> > lies on this what is available in JVM. It's looks like in this way Sun
> > SSL sockets works.
I was asking because I was need to configure truststore password with -D
(realy unsecure, because ps -wwx will show it), to make GF to open LDAPS
connection - I have self signed cert.
> Very likely that the settings is in JVM. When I wrote above reply I
> made it work on Mac.
> GF is using JVM of Apple. I am still struggling to make it work on
> windows 7 which uses Oracle JVM.
I tested GF 3.1 on IBM JDK. I looked into sources, there are many many places
that depends on Sun JVM implementation and Sun JDK. I wrote few lines to make
this work, but hmmm... many places left.
> Also in my replied above I meant to write that there is still
> hostname/CN mismatch with new unexpired commercial CA.
>
I didn't found, at a glance any piece of code that adds custom cert or host
name validation in JDBC driver, it uses this what will get from system.
<snip>
Regards,
Radek