Connection to PgSQL does not use SSL with JDBC driver 9.4 if the parameter is passed through Properties rather than URL

Greetings,

I found an issue with JDBC driver postgresql-9.4.1207.jre7 involving SSL connections.

First the context. In order to enforce TLSv1.2 connection, i extend the PostgreSQL driver in order to set properties by default :

public class SecurePostgresqlDriver extends Driver {

    @Override

    public Connection connect(String url, Properties info) throws SQLException {

        info.setProperty(PGProperty.SSL.getName(), "true");

        info.setProperty(PGProperty.SSL_FACTORY.getName(), SecurePostgresqlSocketFactory.class.getCanonicalName());

        return super.connect(url, info);

    }

}

But this leads me to an exception:

org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "xxx", database "xxx", SSL off

                at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:427)

                at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:203)

                at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:65)

                at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:159)

                at org.postgresql.Driver.makeConnection(Driver.java:415)

                at org.postgresql.Driver.connect(Driver.java:283)

                at SecurePostgresqlDriver.connect(SecurePostgresqlDriver.java:21)

For the note, using the default org.postgresql.Driver class and adding "?ssl=true&sslfactory=SecurePostgresqlSocketFactory" at the end of the URL works.

I did a little debbuging, and this is what i found.

-           org.postgresql.Driver.connect(String, Properties) calls the parseURL(String, Properties) method at line 264, which creates a new Properties instance with the paramater one as default (Driver :537)

-          This new instance overrides the original one on this same line. So from now on my SSL and SSL_FACTORY are default properties of the current one. If the parameters were passed through URL, they would be actual properties rather than default ones.

-          This instance is passed to the PgConnection, which passes it to the ConnectionFactory, which passes it to the ConnectionFactoryImpl.

-          org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(HostSpec[], String, String, Properties, Logger) checks the SSL property at line 74 by calling PGProperty.isPresent(Properties)

-          org.postgresql.PGProperty.isPresent(Properties) calls the getSetString(Properties) method at line 468, but this method does not check default properties.

-          My SSL and SSL_FACTORY properties are ignored since they are default ones, and thus a non-SSL connection is opened.

Hence i have two questions :

-          Do SSL and SSL_FACTORY properties have to be passed through URL ?

-          If not, can you please patch this ? J

Best regards,

Matthieu SANCHEZ