Custom SSLSocketFactory
PostgreSQL provides a way for developers to customize how a SSL connection is
established. This may be used to provide a custom certificate source or other
extensions by allowing the developer to create their own
SSLContext
instance.
The connection URL parameters
sslfactory
and
sslfactoryarg
allow the user
to specify which custom class to use for creating the
SSLSocketFactory
. The
class name specified by
sslfactory
must extend
javax.net.ssl.SSLSocketFactory
and be available to the driver’s classloader. This class must have a zero argument
constructor or a single argument constructor taking a String argument. This
argument may optionally be supplied by
sslfactoryarg
.
Information on how to actually implement such a class is beyond the scope of this
documentation. Places to look for help are the
JSSE Reference Guide
and the source to the
NonValidatingFactory
provided by the JDBC driver.
The Java SSL API is not very well known to the JDBC driver developers and we would be interested in any interesting and generally useful extensions that you have implemented using this mechanism. Specifically it would be nice to be able to provide client certificates to be validated by the server.