File: README

To run the SSL tests, the following properties are used:

certdir: directory where the certificates and keys are stored

ssl<TYPE><gh|bh><8|9>: a connection string to the appropriate database.
TYPE is the TYPE or METHOD field from pg_hba.conf, that is: host, hostnossl,
hostssl, and the special types hostsslcert, which corresponds
to a hostssl type with clientcert=1, and cert, which corresponds
to a hostssl type with cert authentication. 'gh' means the server certificate
matches the hostname (good hostname); 'bh' means it does not (bad
hostname). This can be simulated with a single database if two names
can be used, e.g. localhost and 127.0.0.1. ssloff points to a database
where ssl is off. The last number is the server major version.

For each connection, the following files should be placed into certdir:
goodclient.crt, badclient.crt, goodclient.pk8, badclient.pk8, goodroot.crt, badroot.crt
optionally prefixed by the value of ssl<TYPE><gh|bh>prefix property, if
different files are necessary for different connect strings.

This directory contains example certificates generated by the following
commands:

openssl req -x509 -newkey rsa:1024 -days 3650 -keyout goodclient.key -out goodclient.crt
#Common name is test, password is sslpwd

openssl req -x509 -newkey rsa:1024 -days 3650 -keyout badclient.key -out badclient.crt
#Common name is test, password is sslpwd

openssl req -x509 -newkey rsa:1024 -days 3650 -nodes -keyout badroot.key -out badroot.crt
#Common name is localhost
rm badroot.key

openssl pkcs8 -topk8 -in goodclient.key -out goodclient.pk8 -outform DER -v1 PBE-MD5-DES
openssl pkcs8 -topk8 -in badclient.key -out badclient.pk8 -outform DER -v1 PBE-MD5-DES
cp goodclient.crt server/root.crt
cd server
openssl req -x509 -newkey rsa:1024 -nodes -days 3650 -keyout server.key -out server.crt
cp server.crt ../goodroot.crt
#Common name is localhost, no password

The subdirectory server contains what should be copied to the PGDATA directory.
If you do not overwrite the pg_hba.conf then remember to comment out all lines
starting with "host all".
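
A preflight check for the fixture layout described above, added here as an
example (it is not part of the driver's own test suite). The function name
check_certdir and the assumption that server/ sits inside certdir, as in the
example commands, are illustrative.

```shell
#!/bin/sh
# Added example: verify the SSL test fixtures before running the tests.
# Usage: check_certdir CERTDIR [PREFIX]
# PREFIX is the optional value of the ssl<TYPE><gh|bh>prefix property.
check_certdir() {
    certdir=$1
    prefix=${2:-}
    rc=0

    # The six files the README requires for each connection.
    for f in goodclient.crt badclient.crt goodclient.pk8 badclient.pk8 \
             goodroot.crt badroot.crt; do
        if [ ! -s "$certdir/$prefix$f" ]; then
            echo "missing or empty: $certdir/$prefix$f" >&2
            rc=1
        fi
    done

    # The example commands delete badroot.key right after generating it.
    if [ -e "$certdir/${prefix}badroot.key" ]; then
        echo "unexpected private key: $certdir/${prefix}badroot.key" >&2
        rc=1
    fi

    # Assumption: unprefixed files with server/ inside certdir, as in the
    # example commands, where root.crt and goodroot.crt are plain copies.
    if [ -z "$prefix" ] && [ -d "$certdir/server" ]; then
        if ! cmp -s "$certdir/goodclient.crt" "$certdir/server/root.crt"; then
            echo "server/root.crt is not a copy of goodclient.crt" >&2
            rc=1
        fi
        if ! cmp -s "$certdir/server/server.crt" "$certdir/goodroot.crt"; then
            echo "goodroot.crt is not a copy of server/server.crt" >&2
            rc=1
        fi
    fi
    return $rc
}

# Run the check when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    check_certdir "$@"
fi
```
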

For the tests, the sslinfo module must be installed into every database.
ssl=on must be set in postgresql.conf.

The following command creates the databases and installs the sslinfo module.

for db in hostssldb hostnossldb certdb hostsslcertdb; do
  createdb $db
  psql $db -c "create extension sslinfo"
done

The username used by the tests to connect to postgres, as specified in build.local.properties, has to be "test".