Обсуждение: I am receiving an error
Postgresql-42.2.5.jar
I have AWS RDS PostgreSQL servers set up. I have C-Names that point to the AWS server names. Why?
1) My C-names are easy to remember the AWS RDS names are not.
2) If some issue comes up I can very quickly change the target database by simply changing the C-name record to point to a different database name.
After moving to the above JAR file I get the below error. Is there a parameter I can add to tell the JDBC drive to ignore the validation that is comparing my C-Name to the AWS RDS host name?
23-Apr-2019 09:20:47.152 SEVERE [ajp-nio-8019-exec-1] org.postgresql.ssl.PGjdbcHostnameVerifier.verify Server name validation failed: hostname test.cname.illinois.edu does not match common name aws.postgresql.server.amazonaws.com
getConnection()::Exception:
java.sql.SQLException: Cannot create PoolableConnectionFactory (The hostname test.cname.illinois.edu could not be verified by hostnameverifier PgjdbcHostnameVerifier.)
Thanks,
Software Architect
217.333.0382
Under the Illinois Freedom of Information Act any written communication to or from university employees regarding university business is a public record and may be subject to public disclosure.
Вложения
Postgresql-42.2.5.jar
I have AWS RDS PostgreSQL servers set up. I have C-Names that point to the AWS server names. Why?
1) My C-names are easy to remember the AWS RDS names are not.
2) If some issue comes up I can very quickly change the target database by simply changing the C-name record to point to a different database name.
After moving to the above JAR file I get the below error. Is there a parameter I can add to tell the JDBC drive to ignore the validation that is comparing my C-Name to the AWS RDS host name?
23-Apr-2019 09:20:47.152 SEVERE [ajp-nio-8019-exec-1] org.postgresql.ssl.PGjdbcHostnameVerifier.verify Server name validation failed: hostname test.cname.illinois.edu does not match common name aws.postgresql.server.amazonaws.com
getConnection()::Exception:
java.sql.SQLException: Cannot create PoolableConnectionFactory (The hostname test.cname.illinois.edu could not be verified by hostnameverifier PgjdbcHostnameVerifier.)
Thanks,
Software Architect
217.333.0382
Under the Illinois Freedom of Information Act any written communication to or from university employees regarding university business is a public record and may be subject to public disclosure.
Вложения
That did it. Thanks so much.
Lance
From: Dave Cramer <pg@fastcrypt.com>
Date: Tuesday, April 23, 2019 at 10:04 AM
To: Lance Campbell <lance@illinois.edu>
Cc: "pgsql-jdbc@postgresql.org" <pgsql-jdbc@postgresql.org>
Subject: Re: I am receiving an error
On Tue, 23 Apr 2019 at 10:58, Campbell, Lance <lance@illinois.edu> wrote:
Postgresql-42.2.5.jar
I have AWS RDS PostgreSQL servers set up. I have C-Names that point to the AWS server names. Why?
1) My C-names are easy to remember the AWS RDS names are not.
2) If some issue comes up I can very quickly change the target database by simply changing the C-name record to point to a different database name.
After moving to the above JAR file I get the below error. Is there a parameter I can add to tell the JDBC drive to ignore the validation that is comparing my C-Name to the AWS RDS host name?
23-Apr-2019 09:20:47.152 SEVERE [ajp-nio-8019-exec-1] org.postgresql.ssl.PGjdbcHostnameVerifier.verify Server name validation failed: hostname test.cname.illinois.edu does not match common name aws.postgresql.server.amazonaws.com
getConnection()::Exception:
java.sql.SQLException: Cannot create PoolableConnectionFactory (The hostname test.cname.illinois.edu could not be verified by hostnameverifier PgjdbcHostnameVerifier.)
Thanks,
Software Architect
217.333.0382
Under the Illinois Freedom of Information Act any written communication to or from university employees regarding university business is a public record and may be subject to public disclosure.
Вложения
Вложения
Does that mean we want to add more thorough explanation to the exception message itself?Of course we can't add URLs there (as they happen to change over time), however we might do better exception-wize.Should the default exception suggest to check hostname vs certificate?E.g. something behind the words>The connection URL specifies test.cname.illinois.edu:5432,>however the server provided certificate for a different hostname:> aws.postgresql.server.amazonaws.com. It means either the certificate is invalid or the hostname in the connection URL must be different.> pgjdbc aborts such connections in order to avoid man-in-the-middle attacks.> Please configure the proper certificate and/or use proper hostname in the connection URL> Hostname verification can be temporary disabled, however it would open your service to man-in-the-middle attacks, so you probably don't want to disable the verification.WDYT?Vladimir