Message-ID: <gh-pgjdbc-pgjdbc-3349-c2862713753@github.com>
From: "davecramer (@davecramer)" <noreply+davecramer@github.com>
To: "pgjdbc/pgjdbc" <noreply+pgjdbc-pgjdbc@github.com>
Date: Thu, 08 May 2025 11:29:20 +0000
Subject: Re: [pgjdbc/pgjdbc] issue #3349: SSL connection is not established
In-Reply-To: <gh-pgjdbc-pgjdbc-3349@github.com>
References: <gh-pgjdbc-pgjdbc-3349@github.com>
List-Id: <gh-pgjdbc-pgjdbc.github.com>
X-GitHub-Author-Login: davecramer
X-GitHub-Comment-Id: 2862713753
X-GitHub-Comment-Type: issue_comment
X-GitHub-Issue: 3349
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-Type: comment
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/issues/3349#issuecomment-2862713753
Content-Type: text/plain; charset=utf-8

As I mentioned previously the default trustmanager does not check the expiry date https://security.stackexchange.com/questions/105637/does-trustmanager-pkix-or-rfc-3280-x-509-really-check-the-expiration-date-of-a

If you want to enforce it you may want to implement a different trustmanager