Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL connection fails with 9.4.1208 but works with 9.4.1207 #528

Closed
laurenz opened this issue Mar 4, 2016 · 10 comments
Closed

SSL connection fails with 9.4.1208 but works with 9.4.1207 #528

laurenz opened this issue Mar 4, 2016 · 10 comments

Comments

@laurenz
Copy link
Contributor

@laurenz laurenz commented Mar 4, 2016

My code is as follows:

public class PGConn {
    public static void main(String[] args) throws
            ClassNotFoundException, java.sql.SQLException, java.io.IOException
    {
        Class.forName("org.postgresql.Driver");
        java.sql.Connection conn = java.sql.DriverManager.getConnection("jdbc:postgresql://<host>:<port>/<db>?user=<user>&password=<pwd>&ssl&sslfactory=org.postgresql.ssl.NonValidatingFactory");
        conn.close();
    }
}

This program works with postgresql-9.4.1207.jre6.jar, but with postgresql-9.4.1208.jre6.jar I get:

Exception in thread "main" org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "123.123.123.123", user "<user>", database "<db>", SSL off
        at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:433)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:208)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
        at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:215)
        at org.postgresql.Driver.makeConnection(Driver.java:406)
        at org.postgresql.Driver.connect(Driver.java:274)
        at java.sql.DriverManager.getConnection(DriverManager.java:571)
        at java.sql.DriverManager.getConnection(DriverManager.java:233)
        at PGConn.main(PGConn.java:4)

I would have run git bisect, but I cannot get Maven to compile the source (I keep getting messages that there is no SNAPSHOT version).

I looked at the history; could it be commit dc1844c?

Can somebody shed more light on that?

@davecramer
Copy link
Member

@davecramer davecramer commented Mar 4, 2016

There are instructions on how to build at https://github.com/pgjdbc/pgjdbc

I've seen this before but we can't replicate it.

Dave Cramer

On 4 March 2016 at 09:32, Laurenz Albe notifications@github.com wrote:

My code is as follows:

public class PGConn {
public static void main(String[] args) throws
ClassNotFoundException, java.sql.SQLException, java.io.IOException
{
Class.forName("org.postgresql.Driver");
java.sql.Connection conn = java.sql.DriverManager.getConnection("jdbc:postgresql://:/?user=&password=&ssl&sslfactory=org.postgresql.ssl.NonValidatingFactory");
conn.close();
}
}

This program works with postgresql-9.4.1207.jre6.jar, but with
postgresql-9.4.1208.jre6.jar I get:

Exception in thread "main" org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "123.123.123.123", user "", database "", SSL off
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:433)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:208)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
at org.postgresql.jdbc.PgConnection.(PgConnection.java:215)
at org.postgresql.Driver.makeConnection(Driver.java:406)
at org.postgresql.Driver.connect(Driver.java:274)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:233)
at PGConn.main(PGConn.java:4)

I would have run git bisect, but I cannot get Maven to compile the source
(I keep getting messages that there is no SNAPSHOT version).

I looked at the history; could it be commit dc1844c
dc1844c
?

Can somebody shed more light on that?


Reply to this email directly or view it on GitHub
#528.

@laurenz
Copy link
Contributor Author

@laurenz laurenz commented Mar 4, 2016

I tried to follow the build instructions...
I'll give it another spin next week.

My complete test case is above; the server certificate I use is a self signed RSA certificate.

Do you have any idea what I can do to narrow this down?

@vlsi
Copy link
Member

@vlsi vlsi commented Mar 4, 2016

but I cannot get Maven to compile the source (I keep getting messages that there is no SNAPSHOT version).

You are probably calling mvn... from within pgdjbc subfolder (this one: https://github.com/pgjdbc/pgjdbc/tree/master/pgjdbc), however you should call from within top level one: https://github.com/pgjdbc/pgjdbc

@laurenz
Copy link
Contributor Author

@laurenz laurenz commented Mar 7, 2016

I still cannot get pgjbc to build.
I do not have JDK 1.8 installed.

The documentation does not tell me how to proceed, and nothing I tried seems to work.

@vlsi
Copy link
Member

@vlsi vlsi commented Mar 7, 2016

@laurenz , can you install JDK 1.8?

The documentation does not tell me how to proceed, and nothing I tried seems to work.

What do you get when you follow the following step-by-step?
https://github.com/pgjdbc/pgjdbc-jre7#checking-out-the-source-code

@laurenz
Copy link
Contributor Author

@laurenz laurenz commented Mar 7, 2016

I can install JDK 1.8 as a last ditch effort.

When I run

git clone https://github.com/pgjdbc/pgjdbc-jre7.git
cd pgjdbc-jre7
mvn install

I get

Failed to execute goal com.igormaznitsa:jcp:6.0.1:preprocess (preprocessSources) on project postgresql: Can't find a source directory [/MYSQL/mysqldata/fs1/rpmbuild/pgjdbc/pgjdbc/pgjdbc-jre7/pgjdbc/pgjdbc/src/main/java]
@vlsi
Copy link
Member

@vlsi vlsi commented Mar 7, 2016

Are you sure you did follow:

git clone https://github.com/pgjdbc/pgjdbc.git
cd pgjdbc

steps?

@laurenz
Copy link
Contributor Author

@laurenz laurenz commented Mar 7, 2016

Ah, I did one cd pgjdbc too many, it works now. Thanks!
I think the build documentation could be improved...
Ok, I'll bisect now.

@laurenz
Copy link
Contributor Author

@laurenz laurenz commented Mar 7, 2016

The bug is introduced by commit a6a61be.

I'll continue investigating, I just wanted to let you know.

@laurenz
Copy link
Contributor Author

@laurenz laurenz commented Mar 7, 2016

I understand now what is going on.

This is the change for org/postgresql/core/v3/ConnectionFactoryImpl.java:

@@ -76,7 +76,7 @@ public ProtocolConnection openConnectionImpl(HostSpec[] hostSpecs, String user,
     boolean trySSL;
     String sslmode = PGProperty.SSL_MODE.get(info);
     if (sslmode == null) { // Fall back to the ssl property
-      requireSSL = trySSL = PGProperty.SSL.isPresent(info);
+      requireSSL = trySSL = PGProperty.SSL.getBoolean(info);
     } else {
       if ("disable".equals(sslmode)) {
         requireSSL = trySSL = false;

If the connection string contains the property ssl ''without an argument'', then PGProperty.SSL.isPresent(info) will return true, while PGProperty.SSL.getBoolean(info) will return false.

So the connection is attempted without SSL and fails.

I'll come up with a patch.

@vlsi vlsi closed this in 477851c Mar 7, 2016
vlsi added a commit that referenced this issue Mar 7, 2016
Commit a6a61be ignored the case that
the "ssl" property is set but empty, which means "true" according to
the documentation.
The consequence is that no SSL connection is attempted in this case.

closes #528, closes #529
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

3 participants
You can’t perform that action at this time.