Dear Jdbc developers!
Recently Bruno Harbulot sent in a patch, that handles
hostname verification for ssl connection. Let me send
a tentative patch, that may treat the ssl connections
close to that implemeted in libpg.
A few more connection properties are introduced these are:
-sslmode: similar to the libpg parameter, the allowed
values are disable, allow, prefer, require, verify-ca, verify-full
The parameter ssl should be made deprecated, as sslmode
can cover all the possibilities. In my patch ssl=true is still
necessary, to start ssl, then only require, verify-ca and verify-full
behave correctly. (In case of verify-full, the Common name
must match the hostname, or a leading * can match anything
except a dot.)
-sslcert,sslkey,sslrootcert: these are the locations of the client
certificate, client key, and server certificate. (CRLs ar not implemeted
yet.)
Surprisingly, java can read openssl certificates without any
modification, but the key must be converted to pkcs8 format:
openssl pkcs8 -topk8 -in client.key -out client.pk8 -outform DER -v1
PBE-MD5-DES
the ciphers, recognized by java are PBE-MD5-DES, PBE-SHA1-3DES,
PBE-SHA1-RC2-40,
or with the -nocrypt switch, it can be unencrypted. If any of these
parameters is missing, the default locations are looked up (in
$HOME/.postgresql).
-sslpassword: the password for the ssl key (different from the database
password)
-sslpasswordcallback: a class, implementing
javax.security.auth.callback.CallbackHandler
that can handle PassworCallback for the ssl password. If set,
sslpassword is ignored.
The supplied class must have either a constructor with a Properties
argument where
the connection info properties are given, or a zero argument constructor
If neither sslpassword nor sslpasswordcallback is set, and the key is
protected,
the user is prompted at the console for a password
-sslhostnameverifier: a class, implementing javax.net.ssl.HostnameVerifier
that can verify the server. The supplied class must have either a
constructor
with a Properties argument where the connection info properties are given,
or a zero argument constructor. If set the server hostname is verified
irrespective
of the value of sslmode. (This behaivor is to be discussed.)
-sslfactory: this parameter is modified slightly. The supplied class can
also have a constructor
with a Properties argument. In this case sslfactoryarg is ignored. If
set, then the supplied
factory class is wholly responsible for the SSL connection, but the
hostname verification is still
handled by the sslhostnameverifier class if supplied.
Attached are the patch to MakeSSL.java, and two new classes,
org.postgresql.ssl.LazyKeyManager and org.postgresql.ssl.LibPQFactory.
Sincerely Yours
Andras