Message-ID:
From: "mkarg (@mkarg)"
To: "pgjdbc/pgjdbc"
Date: Thu, 20 Nov 2025 13:14:19 +0000
Subject: [pgjdbc/pgjdbc] issue #3869: Support for javax.net.ssl.trustStoreType and javax.net.ssl.trustStore
List-Id:
X-GitHub-Author-Id: 1701815
X-GitHub-Author-Login: mkarg
X-GitHub-Issue: 3869
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-State: open
X-GitHub-Type: issue
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/issues/3869
Content-Type: text/plain; charset=utf-8

# Enhancement Request

## Aim

Please add support for `javax.net.ssl.trustStoreType` and `javax.net.ssl.trustStore`.

## Description

The PostgreSQL JDBC Driver shall respect and support the global Java properties `javax.net.ssl.trustStoreType` and `javax.net.ssl.trustStore`: When those properties are given non-null, the JDBC driver shall load the certificates for TLS server verification from the trust store defined by those properties.

## Justification

* This is an integral feature of OpenJDK.
* Other JDBC drivers (e. g. Microsoft SQL Server) do respect and support it.
* On Windows clients it is typical to hold the server certificates in a Windows-integrated (non-file) store ("Local Machine Certificate Store" aka `certlm`). OpenJDK has built-in support for certificate lookups from that store. It just needs to get enabled using `java -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NUL` to make use of it.
* On Windows, it is (due to that) *untypical and uncalled complicated* to explicitly move a certificate from that OS-integrated store to a standalone file on disk.
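
The lookup requested above, as an added example that is not part of the original issue and is not pgjdbc code: a sketch of resolving the trust store from the two system properties with plain JSSE/JCA calls and building a verifying trust manager from it. The class and method names are hypothetical; `javax.net.ssl.trustStorePassword` is the standard companion JSSE property not mentioned in the issue, and treating `NUL`/`NONE` as "no backing file" is an assumption made here.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SystemTrustStoreExample { // hypothetical name, illustration only

    /** Returns the store named by the system properties, or null if neither is set. */
    static KeyStore loadFromSystemProperties() throws Exception {
        String type = System.getProperty("javax.net.ssl.trustStoreType");
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (type == null && path == null) {
            return null; // caller falls back to the JVM default trust store
        }
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        char[] password = pass == null ? null : pass.toCharArray();
        KeyStore ks = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        // Assumption: NUL / NONE mark a non-file store such as Windows-ROOT.
        boolean fileless = path == null || path.isEmpty()
                || "NUL".equalsIgnoreCase(path) || "NONE".equals(path);
        if (fileless) {
            ks.load(null, password);
        } else {
            try (InputStream in = Files.newInputStream(Paths.get(path))) {
                ks.load(in, password);
            }
        }
        return ks;
    }

    /** Builds a certificate-verifying trust manager; never a trust-all fallback. */
    static X509TrustManager trustManager() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadFromSystemProperties()); // null selects the JVM default store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        X509TrustManager tm = trustManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {tm}, null);
        System.out.println("trust anchors loaded: " + tm.getAcceptedIssuers().length);
    }
}
```

Run with the flags quoted in the issue to see how many trust anchors the selected store supplies; a store that cannot be loaded raises an exception rather than silently disabling server verification.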