Re: JDBC SSL hostname verification

From: Bodor Andras <bodri(dot)mh3(at)gmail(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: JDBC SSL hostname verification
Date: 2011-08-23 19:23:37
Message-ID: 4E53FE39.40501@gmail.com
Lists: pgsql-jdbc

Dear JDBC developers!

Here is a more comprehensive patch for SSL in the jdbc driver.
The following connection properties are introduced:

-sslmode: similar to the libpq parameter; the allowed values are
disable, allow, prefer, require, verify-ca, verify-full.
The parameter ssl should be made deprecated, as sslmode can cover all
the possibilities. (However, if sslmode is not set, the driver's
behavior is backward compatible.)
disable, require, verify-ca and verify-full behave correctly.
At this point allow and prefer behave the same, and it is not possible
to fall back to non-SSL once SSL negotiation has begun.

-sslcert, sslkey, sslrootcert: these are the locations of the client
certificate, client key, and server certificate. (CRLs are not
implemented yet.)
Surprisingly, Java can read OpenSSL certificates without any
modification, but the key must be converted to PKCS#8 format with
the following command:

  openssl pkcs8 -topk8 -in client.key -out client.pk8 -outform DER -v1 PBE-MD5-DES

The ciphers recognized by Java are PBE-MD5-DES, PBE-SHA1-3DES and
PBE-SHA1-RC2-40, or with the -nocrypt switch it can be unencrypted.
If any of these parameters is missing, the default locations are looked
up (in $HOME/.postgresql). The default filename for the key is
postgresql.pk8 instead of postgresql.key to allow simultaneous use of
the JDBC driver and other libpq compatible applications. In some cases
it is desirable to suppress loading the default client certificate (and
any other one); in this case specify sslcert with an empty argument.

-sslpassword: the password for the SSL key (different from the database
password).

-sslpasswordcallback: a class implementing
javax.security.auth.callback.CallbackHandler that can handle
PasswordCallback for the SSL password. If set, sslpassword is ignored.
The supplied class must have either a constructor with a Properties
argument, where the connection info properties are given, or a zero
argument constructor. If neither sslpassword nor sslpasswordcallback is
set, and the key is protected, the user is prompted at the console for
a password.

-sslhostnameverifier: a class implementing javax.net.ssl.HostnameVerifier
that can verify the server. The supplied class must have either a
constructor with a Properties argument, where the connection info
properties are given, or a zero argument constructor. If set, the server
hostname is verified irrespective of the value of sslmode. (This
behavior is to be discussed.)

-sslfactory: this parameter is modified slightly. The supplied class can
also have a constructor with a Properties argument; in this case
sslfactoryarg is ignored. If set, then the supplied factory class is
wholly responsible for the SSL connection, but the hostname verification
is still handled by the sslhostnameverifier class if supplied.
Warning! The sslfactory must not initiate a handshake in its
createSocket method, because a second startHandshake invocation
in MakeSSL.convert() will break the connection.

A few JUnit tests are also included. For them to run, several databases
with different pg_hba.conf parameters must be set up. See the
certdir/README file for details. Right now some of the tests fail.
This is intentional; they correspond to the not yet libpq compatible
behaviour of allow and prefer.
Patch and two binary files, certdir/goodclient.pk8 and
certdir/badclient.pk8, are attached. Any feedback is welcome!
Sincerely yours,
Andras

Attachment Content-Type Size
ssl1.patch text/x-diff 75.1 KB
badclient.pk8 application/octet-stream 677 bytes
goodclient.pk8 application/octet-stream 677 bytes
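As an added illustration (not code from the patch or from the driver) of the sslpasswordcallback and sslhostnameverifier hooks the message describes, together with the connection properties for the strictest mode, here is one way the two classes could be written. The class names, the file paths, the PG_CLIENT_KEY_PASSWORD variable and the assumption that the Properties handed to the constructors carry the URL host under "PGHOST" are all mine; the verifier deliberately accepts only a dNSName SAN match, so CN-only or IP-address server certificates are rejected.

```java
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.security.auth.callback.*;

public class PgSslSettings {
    /** sslpasswordcallback: answers the PasswordCallback from an env var (variable name is hypothetical). */
    public static class EnvPasswordHandler implements CallbackHandler {
        public EnvPasswordHandler(Properties info) { }   // Properties constructor, as the message describes
        @Override public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                String pw = System.getenv("PG_CLIENT_KEY_PASSWORD");
                ((PasswordCallback) cb).setPassword(pw == null ? new char[0] : pw.toCharArray());
            }
        }
    }

    /** sslhostnameverifier: accepts the server only if a dNSName SAN equals the configured host. */
    public static class StrictSanVerifier implements HostnameVerifier {
        private final String expected;
        // assumption: the driver puts the host from the JDBC URL into the Properties as "PGHOST"
        public StrictSanVerifier(Properties info) { expected = info.getProperty("PGHOST"); }
        @Override public boolean verify(String hostname, SSLSession session) {
            try {
                X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
                Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
                if (sans == null) return false;
                for (List<?> san : sans) {
                    // GeneralName type 2 is dNSName (RFC 5280); CN-only certificates never match
                    if (Integer.valueOf(2).equals(san.get(0)) && expected.equalsIgnoreCase((String) san.get(1))) return true;
                }
            } catch (Exception e) { /* no peer certificate, null host or unparsable extension: fail closed */ }
            return false;
        }
    }

    /** Connection properties for verify-full using the hooks above (paths are placeholders). */
    public static Properties verifyFullProperties() {
        Properties p = new Properties();
        p.setProperty("sslmode", "verify-full");
        p.setProperty("sslrootcert", "/etc/app/root.crt");
        p.setProperty("sslcert", "/etc/app/client.crt");
        p.setProperty("sslkey", "/etc/app/client.pk8");   // PKCS#8 DER, produced by the openssl pkcs8 command in the message
        p.setProperty("sslpasswordcallback", EnvPasswordHandler.class.getName());
        p.setProperty("sslhostnameverifier", StrictSanVerifier.class.getName());
        return p;
    }
}
```

Pass the returned Properties to DriverManager.getConnection together with the jdbc:postgresql URL; with these settings a server whose certificate chains to root.crt but names a different host is refused before any query is sent.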

Responses

  • SSL patch at 2011-09-13 18:41:30 from Bodor Andras
