Обсуждение: Bug (?) in JDB
Hello all,
I've noticed that when using Java and postgres-jdbc, setting ssl=false
in Properties doesn't get read, and ssl=false and ssl=true both cause
SSL to be tried.
E.g:
String url = "jdbc:postgresql://"+host+"/"+database;
Properties props = new Properties();
props.setProperty("user", "blah");
props.setProperty("password", "blah");
props.setProperty("ssl", "false");
props.setProperty("sslfactory",
"org.postgresql.ssl.NonValidatingFactory");
Connection conn = null;
conn = DriverManager.getConnection(url, props);
causes it to throw: org.postgresql.util.PSQLException: The server does
not support SSL. (even though I've said not to try SSL).
String url = "jdbc:postgresql://"+host+"/"+database;
Properties props = new Properties();
props.setProperty("user", "blah");
props.setProperty("password", "blah");
// Don't even set these ones below, as they seem to make it
try SSL regardless.
// props.setProperty("ssl", "false");
// props.setProperty("sslfactory",
"org.postgresql.ssl.NonValidatingFactory");
Connection conn = null;
conn = DriverManager.getConnection(url, props);
works fine.
Problem exists both with postgresql-8.2-505.jdbc3.jar and
postgresql-8.2-507.jdbc3.jar
C
--
bash# Got root? Get root. Fast Linux VPS
http://linuxvps.org/
On Mon, 21 Jan 2008, Calum wrote: > I've noticed that when using Java and postgres-jdbc, setting ssl=false > in Properties doesn't get read, and ssl=false and ssl=true both cause > SSL to be tried. > The current implementation sees the mere presence of "ssl" as a request for ssl, as the original implementation and docs suggested using "?ssl" alone. At various times we've discussed changing this to be more like libpq's try/require options, but that's how it is now. So it's not ideal, but it is working as designed. If you don't want ssl, don't set the property at all. Kris Jurka
Calum, I do not know about Java and jdbc, but had similiar problems with various Python-Database adapters. Have you double-checked that true and false are valid options? at http://www.postgresql.org/docs/current/interactive/libpq-connect.html you can read sslmode This option determines whether or with what priority an SSL connection will be negotiated with the server. There are four modes: disable will attempt only an unencrypted SSL connection; allow will negotiate, trying first a non-SSL connection, then if that fails, trying an SSL connection; prefer (the default) will negotiate, trying first an SSL connection, then if that fails, trying a regular non-SSL connection; require will try only an SSL connection. If PostgreSQL is compiled without SSL support, using option require will cause an error, while options allow and prefer will be accepted but libpq will not in fact attempt an SSL connection. so probably you should use "disable" instead of "false", and "require" or "prefer" instead of true? Harald -- GHUM Harald Massa persuadere et programmare Harald Armin Massa Spielberger Straße 49 70435 Stuttgart 0173/9409607 fx 01212-5-13695179 - EuroPython 2008 will take place in Vilnius, Lithuania - Stay tuned!