[pgjdbc/pgjdbc] issue #3869: Support for javax.net.ssl.trustStoreType and javax.net.ssl.trustStore

pgjdbc/pgjdbc GitHub issues and pull requests (mirror)  
help / color / mirror / Atom feed

[pgjdbc/pgjdbc] issue #3869: Support for javax.net.ssl.trustStoreType and javax.net.ssl.trustStore
3+ messages / 2 participants
[nested] [flat]

* [pgjdbc/pgjdbc] issue #3869: Support for javax.net.ssl.trustStoreType and javax.net.ssl.trustStore
@ 2025-11-20 13:14 "mkarg (@mkarg)" <[email protected]>
  0 siblings, 0 replies; 3+ messages in thread

From: mkarg (@mkarg) @ 2025-11-20 13:14 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

# Enhancement Request

## Aim

Please add support for `javax.net.ssl.trustStoreType` and `javax.net.ssl.trustStore`.

## Description

The PostgreSQL JDBC Driver shall respect and support the global Java properties `javax.net.ssl.trustStoreType` and `javax.net.ssl.trustStore`: When those properties are given non-null, the JDBC driver shall load the certificates for TLS server verification from the trust store defined by those properties.

## Justification

* This is an integral feature of OpenJDK.
* Other JDBC drivers (e. g. Microsoft SQL Server) do respect and support it.
* On Windows clients it is typical to hold the server certificates in a Windows-integrated (non-file) store ("Local Machine Certificate Store" aka `certlm`). OpenJDK has built-in support for certificate lookups from that store. It just needs to get enabled using `java -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NUL` to make use of it.
* On Windows, it is (due to that) *untypical and uncalled complicated* to explicitly move a certificate from that OS-integrated store to a standalone file on disk.

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Re: [pgjdbc/pgjdbc] issue #3869: Support for javax.net.ssl.trustStoreType and javax.net.ssl.trustStore
@ 2025-11-20 13:29 ` "davecramer (@davecramer)" <[email protected]>
  1 sibling, 0 replies; 3+ messages in thread

From: davecramer (@davecramer) @ 2025-11-20 13:29 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

did you mean JDBC `Other ODBC drivers (e. g. Microsoft SQL Server) do respect and support it.` ?

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Re: [pgjdbc/pgjdbc] issue #3869: Support for javax.net.ssl.trustStoreType and javax.net.ssl.trustStore
@ 2025-11-21 11:32 ` "mkarg (@mkarg)" <[email protected]>
  1 sibling, 0 replies; 3+ messages in thread

From: mkarg (@mkarg) @ 2025-11-21 11:32 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

Sorry this was a typo. Yes, certainly I meant to write `Other JDBC drivers`.

^ permalink  raw  reply  [nested|flat] 3+ messages in thread

end of thread, other threads:[~2025-11-21 11:32 UTC | newest]

Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2025-11-20 13:14 [pgjdbc/pgjdbc] issue #3869: Support for javax.net.ssl.trustStoreType and javax.net.ssl.trustStore "mkarg (@mkarg)" <[email protected]>
2025-11-20 13:29 ` "davecramer (@davecramer)" <[email protected]>
2025-11-21 11:32 ` "mkarg (@mkarg)" <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox