Re: JDBC SSL hostname verification

   Dear Jdbc developers!

  Here is a more comprehensive patch for SSL in the jdbc driver.
The following connection properties are introduced:

-sslmode: similar to the libpg parameter, the allowed
  values are disable, allow, prefer, require, verify-ca, verify-full
  The parameter ssl should be made deprecated, as sslmode
  can cover all the possibilities. (However, if sslmode is not
  set, the driver's behavior is backward compatible.)
  disable, require, verify-ca and verify-full behave correctly.
  At this point allow and prefer behave the same, and it is
  not possible, to fall back to nonssl, once ssl negotiation has
  begun.

-sslcert,sslkey,sslrootcert: these are the locations of the client
  certificate, client key, and server certificate. (CRLs ar not implemeted
  yet.)
  Surprisingly, java can read openssl certificates without any
  modification, but the key must be converted to pkcs8 format with
  the following comand:

openssl pkcs8 -topk8 -in client.key -out client.pk8 -outform DER -v1
PBE-MD5-DES

  the ciphers, recognized by java are PBE-MD5-DES, PBE-SHA1-3DES,
  PBE-SHA1-RC2-40,
  or with the -nocrypt switch, it can be unencrypted. If any of these
  parameters is missing, the default locations are looked up (in
  $HOME/.postgresql). The default filename for the key is postgresql.pk8
  instead of postgresql.key to allow simultaneous use of the jdbc driver
  and other libpq compatible applications. In some cases it is desirable
  to supress loading the default client certificate (and any other one),
  in this case specify sslcert with an empty argument.

-sslpassword: the password for the ssl key (different from the database
password)

-sslpasswordcallback: a class, implementing
  javax.security.auth.callback.CallbackHandler
  that can handle PassworCallback for the ssl password. If set,
  sslpassword is ignored.
  The supplied class must have either a constructor with a Properties
  argument where
  the connection info properties are given, or a zero argument constructor
  If neither sslpassword nor sslpasswordcallback is set, and the key is
  protected,
  the user is prompted at the console for a password

-sslhostnameverifier: a class, implementing javax.net.ssl.HostnameVerifier
  that can verify the server. The supplied class must have either a
  constructor
  with a Properties argument where the connection info properties are given,
  or a zero argument constructor. If set the server hostname is verified
  irrespective
  of the value of sslmode. (This behaivor is to be discussed.)

-sslfactory: this parameter is modified slightly. The supplied class can
  also have a constructor
  with a Properties argument. In this case sslfactoryarg is ignored. If
  set, then the supplied
  factory class is wholly responsible for the SSL connection, but the
  hostname verification is still
  handled by the sslhostnameverifier class if supplied.
  Warning! The sslfactory must not initiate a handshake in it's
  createSocket method, bacause a second startHandsake invocation
  in MakeSSL.convert() will break the connection.

  A few junit tests are also included. For them to run several databases
with different pg_hba.conf parameters must be set up. See the
certdir/README file for details. Right now some of the tests fail.
It is intentional, they correspond to the not yet libpq compatible
behaviour of allow and prefer.
  Patch and two binary files, certdir/goodclient.pk8 and
certdir/badclient.pk8 are attached. Any fedback is welcome!
    Sincerely Yours
            Andras