30 lines
		
	
	
		
			1.5 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			30 lines
		
	
	
		
			1.5 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| layout: default_docs
 | |
| title: Custom SSLSocketFactory
 | |
| header: Chapter 4. Using SSL
 | |
| resource: media
 | |
| previoustitle: Configuring the Client
 | |
| previous: ssl-client.html
 | |
| nexttitle: Chapter 5. Issuing a Query and Processing the Result
 | |
| next: query.html
 | |
| ---
 | |
| 
 | |
| PostgreSQL™ provides a way for developers to customize how a SSL connection is
 | |
| established. This may be used to provide a custom certificate source or other
 | |
| extensions by allowing the developer to create their own `SSLContext` instance.
 | |
| The connection URL parameters `sslfactory` and `sslfactoryarg` allow the user
 | |
| to specify which custom class to use for creating the `SSLSocketFactory`. The
 | |
| class name specified by `sslfactory` must extend `javax.net.ssl.SSLSocketFactory`
 | |
| and be available to the driver's classloader. This class must have a zero argument
 | |
| constructor or a single argument constructor taking a String argument. This
 | |
| argument may optionally be supplied by `sslfactoryarg`.
 | |
| 
 | |
| Information on how to actually implement such a class is beyond the scope of this
 | |
| documentation. Places to look for help are the [JSSE Reference Guide](https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html)
 | |
| and the source to the `NonValidatingFactory` provided by the JDBC driver.
 | |
| 
 | |
| The Java SSL API is not very well known to the JDBC driver developers and we
 | |
| would be interested in any interesting and generally useful extensions that you
 | |
| have implemented using this mechanism. Specifically it would be nice to be able
 | |
| to provide client certificates to be validated by the server.
 | 
