Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add SSL factory SingleCertValidatingFactory #88
Add a new SSL socket factory that allows users to specify and verify the SSL certificate of the remote server to prevent MITM attacks. The socket factory allows for easily specifying and pinning of remote server SSL certificates when creating a new connection to a database. The SSL certificate can be specified as the String value of the
Also included is a new test class that uses the new socket factory. The test class is disabled by default but can be enabled by setting
By default the tests are configured to run against a SSL test database VM running on localhost on the ports 10084, 10090, 10091, 10092, and 10093. To test against a different set of databases edit the test parameters (JDBC URLs) at the top of the class.
The last test case pulls the SSL certificate from an enviroment var. For it to run the env var must be set prior to running the test. Otherwise the test is skipped. You can set it and run the test via:
The easiest way to test it and the JDBC SSL tests in general is to use the test VM I put together. It's available at: https://github.com/jackdb/pgjdbc-test-vm
To use it:
The VM that gets created is configured to run all the SSL tests (old and my new one) and can also be used to run the non-SSL tests.
Okay I was able to successfully run all the new SSL tests.
I found two
New version is here: https://github.com/sehrope/pgjdbc/tree/single-cert-ssl
Let me know if you want me to make a new PR or if you'll just pull it in manually.
Thanks, I fixed them manually and pushed it into master
On 25 April 2014 14:37, Sehrope Sarkuni firstname.lastname@example.org wrote:
FYI, I'm looking into automating the rest of the driver testing as well. I already have a half decent setup locally using a VM1 which is what I used to test this patch. I'd like to have the same setup for Travis-CI as well. When I have a bit of time I'll look into getting it setup.
That would be great.
For some reason travis-ci doesn't see failures. Probably because the
On 25 April 2014 14:51, Sehrope Sarkuni email@example.com wrote: