Re: SSL patch
| От | Bruno Harbulot |
|---|---|
| Тема | Re: SSL patch |
| Дата | |
| Msg-id | ja1a2v$p2e$1@dough.gmane.org обсуждение исходный текст |
| Ответ на | Re: SSL patch (Bruno Harbulot <bruno@distributedmatter.net>) |
| Список | pgsql-jdbc |
Hello, I'm attaching a tentative patch merging the concepts discussed in this thread (and based on András Bodor's patch) and on the discussion in this older thread: http://archives.postgresql.org/pgsql-jdbc/2011-05/msg00069.php I've tried to resolve the differences between the two approaches: Libpq and Java JSSE defaults. I guess there are two categories of potential users for this: users coming from psql and those coming from the Java world. They'd probably tend to expect different default settings and options. This relies on an SslContextFactory and extending classes. In this patch, SslContextFactory itself isn't actually used (it could be with a given option). It would use the default SSLContext (which may be set via SSLContext.setDefault(...) in Java 6 and above, and thus may not necessarily be the one initialised via the usual javax.* properties). There's a BasicSslContextFactory (extending SslContextFactory) which provide methods to create trust managers, key managers and secure randoms. These are meant to be overridden, otherwise, it will use the default (null) to initialise the SSLContext (which is the same as using the JSSE defaults). It includes convenience methods to build key and trust managers from KeyStores. LibPQSslContextFactory extends BasicSslContextFactory and re-uses most of András's code, initialised from a set of Properties. This is the one used when 'sslmode' is set. Note that this is where there would be a conflict regarding the default values (if not testing for 'sslmode'), since the default CA file is different from what Java would use as its default. PropertiesSslContextFactory extends BasicSslContextFactory but is based on the work by Marc-André Laverdière and Craig Ringer from the previous thread. I've also tweaked it to fall back on the default values from the JSSE, also allowing for non-file-based keystores (e.g. PKCS#11), as discussed here: http://archives.postgresql.org/pgsql-jdbc/2011-11/msg00024.php This one could certainly be modified to use Properties that are not the System properties, but info passed in the JDBC URL. Regarding the hostname verification, I've moved András's verifier into a separate class (DefaultHostnameVerifier). It's used by default unless a hostname verifier class name is passed or sslmode is set and set to a value different from 'verify-full' (in which case PassthroughHostnameVerifier is used). I've also added the SAN verification. In addition to the 'sslfactory' parameter (which was there, for an SSLSocketFactory), I've considered adding a parameter for an SslContextFactory, but haven't. Any opinions? It might make it easier to pass more complex SSLContexts directly (e.g. via the of the SSLContextFactories I've done in http://www.jsslutils.org/), but this could also be done by using a custom SSLSocketFactory. I must admit it hasn't been extensively tested, but I'd welcome comments about this approach. I hope this may help unify this work with the earlier work (sorry, I wasn't aware of it when I first replied to this thread a few days ago). Best wishes, Bruno.
Вложения
В списке pgsql-jdbc по дате отправления: