pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feed[pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
30+ messages / 4 participants
[nested] [flat]
* [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-02-16 10:11 "minfrin (@minfrin)" <[email protected]>
0 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-02-16 10:11 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Add three new SSLSocketFactory implementations to support native keystores on Windows and Mac.
org.postgresql.ssl.MSCAPILocalMachineSSLFactory
org.postgresql.ssl.MSCAPISSLFactory
org.postgresql.ssl.KeychainSSLFactory
Add the sslsubject parameter to limit the chosen certificate where more than one certificate might match for a given connection.
### All Submissions:
* [x] Have you followed the guidelines in our [Contributing](https://github.com/pgjdbc/pgjdbc/blob/master/CONTRIBUTING.md) document?
* [x] Have you checked to ensure there aren't other open [Pull Requests](../../pulls) for the same update/change?
<!-- You can erase any parts of this template not applicable to your Pull Request. -->
### New Feature Submissions:
1. [x] Does your submission pass tests?
2. [x] Does `./gradlew styleCheck` pass ?
3. [x] Have you added your new test classes to an existing test suite in alphabetical order?
### Changes to Existing Features:
* [ ] Does this break existing behaviour? If so please explain.
* [x] Have you added an explanation of what your changes do and why you'd like us to include them?
* [x] Have you written new tests for your core changes, as applicable?
* [x] Have you successfully run tests with your changes locally?
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-02-22 11:20 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-02-22 11:20 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Would it be possible to approve the workflows outstanding on this PR?
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-02-28 14:08 "davecramer (@davecramer)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: davecramer (@davecramer) @ 2024-02-28 14:08 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
> Would it be possible to approve the workflows outstanding on this PR?
Yes, sorry. I should have realized they weren't running
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-02-29 10:36 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-02-29 10:36 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:89)
I'm getting a test failure, more specifically a compilation failure that I don't understand.
```
[Task :postgresql:compileJava] [argument] incompatible argument for parameter arg1 of KeyManagerFactory.init.
keyManagerFactory.init(keyStore, keyPassphrase);
^
found : @initialized @nonnull char @FBCBottom @nullable []
```
keyPassphrase is a char[], the extra annotations seem sane.
Can you confirm for me if possible what specifically is wrong with this line so I can fix it?
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-02-29 10:38 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-02-29 10:38 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:89)
These warnings might be relevant:
```
> Task :postgresql:compileJava
warning: /home/runner/work/pgjdbc/pgjdbc/config/checkerframework/Assert.astub:(line 1,col 1): Package not found: org.junit
warning: /home/runner/work/pgjdbc/pgjdbc/config/checkerframework/Assert.astub:(line 6,col 1): Type not found: org.junit.Assert
```
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:21 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:21 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java)
Java
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:21 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:21 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:93)
Isn't `ex.getMessage()` redudant since the target message will be recursively built?
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:22 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:22 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:135)
Same here
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:22 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:22 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java)
same here
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:22 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:22 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:145)
Both same here
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:22 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:22 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:163)
Same both here
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:22 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:22 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:176)
Same here
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-08 21:23 "michael-o (@michael-o)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: michael-o (@michael-o) @ 2024-03-08 21:23 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/test/java/org/postgresql/test/ssl/SSLFactoryTest.java:36)
You are sure that cause will not be null at some point?
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:04 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:04 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java)
Fixed.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:10 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:10 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:93)
Java is fixed.
The ex.getMessage() is there on purpose so that the whole error message is on one single line.
The target audience for this patch are data scientists who aren't Java developers, nor are they experts in SSL. They see the message "Could not find a java cryptographic algorithm", they don't understand it (fair: "which crypto algorithm?"), and I have to pick it all apart for them, first helping them give me the whole exception (I'll get a screenshot of the top few lines, then I'll explain how to cut and paste), then finding the needle in the haystack of "caused by", then googling for them.
With the whole message on one line, they have one line to google themselves, on the top line, and lots and lots of make work is avoided.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:10 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:10 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:135)
Java is fixed.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:10 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:10 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java)
Java is fixed.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:10 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:10 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:145)
Java is fixed.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:11 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:11 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:163)
Java is fixed.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:11 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:11 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:176)
This is intended.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-18 09:13 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-18 09:13 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/test/java/org/postgresql/test/ssl/SSLFactoryTest.java:36)
Instanceof doesn't require a null check. The expression "null instancof PSQLException" returns false.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-25 22:31 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-03-25 22:31 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Another gentle bump - is it possible to trigger workflows?
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-27 11:03 "davecramer (@davecramer)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: davecramer (@davecramer) @ 2024-03-27 11:03 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
sorry about that
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-03-27 12:54 "sehrope (@sehrope)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: sehrope (@sehrope) @ 2024-03-27 12:54 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
@minfrin You can enable actions to run on your pgjdbc fork as well. This is particularly useful if you want to try running something in CI without opening a PR in this repo. The GitHub Actions should work with no issues on your fork. The Windows / AppVeyor stuff is a bit finicky but in theory should work if you set up an account there as well.
(Note that I'm not suggesting opening this PR and running the CI on pgjdbc/pgjdbc was a bad idea ... I'm just suggesting an alternative for the future if you're trying out something else)
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-04-24 08:57 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-04-24 08:57 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
(on pgjdbc/src/main/java/org/postgresql/ssl/SSLFactory.java:89)
Quick ping on this comment - I don't understand how it compiles everywhere else but not in this specific case. Is someone familiar with CheckerFramework able to confirm?
https://github.com/pgjdbc/pgjdbc/actions/runs/8323877965/job/23147420376?pr=3124
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-04-24 19:51 "davecramer (@davecramer)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: davecramer (@davecramer) @ 2024-04-24 19:51 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
@minfrin I took the liberty of fixing the checker errors
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-04-24 21:26 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-04-24 21:26 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
> @minfrin I took the liberty of fixing the checker errors
Much appreciated, thank you.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-07-16 15:47 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-07-16 15:47 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Quick bump on this one, is there anything further needed on this patch?
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-09-29 11:51 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-09-29 11:51 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Another quick ping on this one - keen to make certificates easier to use on Windows and Mac.
^ permalink raw reply [nested|flat] 30+ messages in thread
* Re: [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support
@ 2024-12-10 17:41 "minfrin (@minfrin)" <[email protected]>
28 siblings, 0 replies; 30+ messages in thread
From: minfrin (@minfrin) @ 2024-12-10 17:41 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Another bump on this one - anyone able to take a look?
^ permalink raw reply [nested|flat] 30+ messages in thread
end of thread, other threads:[~2024-12-10 17:41 UTC | newest]
Thread overview: 30+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2024-02-16 10:11 [pgjdbc/pgjdbc] PR #3124: Add Windows and MacOS native certificate support "minfrin (@minfrin)" <[email protected]>
2024-02-22 11:20 ` "minfrin (@minfrin)" <[email protected]>
2024-02-28 14:08 ` "davecramer (@davecramer)" <[email protected]>
2024-02-29 10:36 ` "minfrin (@minfrin)" <[email protected]>
2024-02-29 10:38 ` "minfrin (@minfrin)" <[email protected]>
2024-03-08 21:21 ` "michael-o (@michael-o)" <[email protected]>
2024-03-08 21:21 ` "michael-o (@michael-o)" <[email protected]>
2024-03-08 21:22 ` "michael-o (@michael-o)" <[email protected]>
2024-03-08 21:22 ` "michael-o (@michael-o)" <[email protected]>
2024-03-08 21:22 ` "michael-o (@michael-o)" <[email protected]>
2024-03-08 21:22 ` "michael-o (@michael-o)" <[email protected]>
2024-03-08 21:22 ` "michael-o (@michael-o)" <[email protected]>
2024-03-08 21:23 ` "michael-o (@michael-o)" <[email protected]>
2024-03-18 09:04 ` "minfrin (@minfrin)" <[email protected]>
2024-03-18 09:10 ` "minfrin (@minfrin)" <[email protected]>
2024-03-18 09:10 ` "minfrin (@minfrin)" <[email protected]>
2024-03-18 09:10 ` "minfrin (@minfrin)" <[email protected]>
2024-03-18 09:10 ` "minfrin (@minfrin)" <[email protected]>
2024-03-18 09:11 ` "minfrin (@minfrin)" <[email protected]>
2024-03-18 09:11 ` "minfrin (@minfrin)" <[email protected]>
2024-03-18 09:13 ` "minfrin (@minfrin)" <[email protected]>
2024-03-25 22:31 ` "minfrin (@minfrin)" <[email protected]>
2024-03-27 11:03 ` "davecramer (@davecramer)" <[email protected]>
2024-03-27 12:54 ` "sehrope (@sehrope)" <[email protected]>
2024-04-24 08:57 ` "minfrin (@minfrin)" <[email protected]>
2024-04-24 19:51 ` "davecramer (@davecramer)" <[email protected]>
2024-04-24 21:26 ` "minfrin (@minfrin)" <[email protected]>
2024-07-16 15:47 ` "minfrin (@minfrin)" <[email protected]>
2024-09-29 11:51 ` "minfrin (@minfrin)" <[email protected]>
2024-12-10 17:41 ` "minfrin (@minfrin)" <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox