Re: Query related to postgresql jdbc 42.2.5

Hi Dave

I am using 42.2.5 postgresql JDBC version. Can we disable hostname verification feature introduced in this version(42.2.5)

Best Regards

Pradeep

On Fri 19 Oct, 2018, 3:55 PM pradeep puppala, <pradeep09puppala@gmail.com> wrote:

Hi Dave Cramer,

It have added sslfactory=org.postgtesql.ssl.DefaultJavaSSLFactory in my db connection url and it worked for me.

Thanks a lot Dave 😁 

Best Regards

Pradeep

On Fri 19 Oct, 2018, 3:19 PM Dave Cramer, <pg@fastcrypt.com> wrote:

Hello,

with just ssl=true the default is to use LibPQFactory which does not use the trust store at all.

In order to use the trust store you must set sslfactory to a valid SSLFactory as per https://jdbc.postgresql.org/documentation/head/ssl-factory.html

There is a simple org.postgresql.ssl.DefaultJavaSSLFactory provided which uses the default java SSLFactory.

Regards,

Dave Cramer

davec@postgresintl.com

www.postgresintl.com

On Fri, 19 Oct 2018 at 03:01, pradeep puppala <pradeep09puppala@gmail.com> wrote:

Hi Dave Cramer,

Thank you for the suggestion. I have seen the links you shared and made some changes in my certificates and in my connection url.

Now I am getting error as below.

main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
org.postgresql.util.PSQLException: SSL error: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

Below are my db connection details

            System.setProperty("javax.net.ssl.trustStore","/usr/java/jre1.7.0_25/lib/security/cacerts");
            System.setProperty("javax.net.ssl.trustStorePassword","changeit");
            System.setProperty("javax.net.ssl.keyStore","/home/.postgresql/client.keystore");
            System.setProperty("javax.net.ssl.keyStorePassword","changeit");
            System.setProperty("javax.net.debug", "all");
           
            Properties props = new Properties();
           
            props.setProperty("user", "user1");
            props.setProperty("password", "default");
                    
            Class.forName("org.postgresql.Driver");

            //SSLContext.setDefault();
            String url = "jdbc:postgresql://localhost:5432/dbname?ssl=true";
            Connection c = DriverManager.getConnection(url, props);

I am using 42.2.5 jdbc postgresql jar for ssl db connection.

Can you help me with this error.

Best Regards,

Pradeep

On Wed, Oct 17, 2018 at 3:45 AM Dave Cramer <pg@fastcrypt.com> wrote:

or the release notes

https://jdbc.postgresql.org/

in 45.2.5 we changed the semantics you can add sslmode=prefer to not verify the cert.

https://jdbc.postgresql.org/documentation/head/connect.html#connection-parameters

Dave Cramer

davec@postgresintl.com

www.postgresintl.com

On Mon, 15 Oct 2018 at 22:38, rob stone <floriparob@gmail.com> wrote:

Hello,

On Mon, 2018-10-15 at 18:29 +0530, pradeep puppala wrote:
> Hi
>
> I am trying to connect to postgresql database with jdbc postgresql
> 42.2.5 with "ssl=true" but I am getting error as below.
>
> SSL error: sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target.
>
> I am using self signed certificates and jre version is 1.7.0.151. I
> am struck here please help. Thanks in advance.
>
> Best regards
> Pradeep

This post may provide some clues.

https://stackoverflow.com/questions/18378869/pkix-path-building-failed-in-java-application#24705398

OR

https://stackoverflow.com/questions/18378869/pkix-path-building-failed-in-java-application#24705398


HTH,
Rob