*** URGENT *** SSL Documentation?!

Post by hmuscroft » Fri 28 Aug 2009 20:11

I have an urgent requirement to implement SSL in my application.

However, the documentation you have provided is out of date and incorrect. The documentation gives this example :-

Code:
PgSqlConnection conn = new PgSqlConnection("user id=postgres;password=postgres;host=localhost;");
conn.SslOptions.Cert = "E:\Test\client.p12";
conn.SslOptions.Password = "";
conn.SslOptions.TargetHost = "pg_server";
conn.SslOptions.SslMode = SslMode.Require;
conn.Open();

This is completely incorrect and won't even compile. According to IntelliSense, the actual members of 'SslOptions' are :-

CACert = location of authority certificate
Cert = location of client certificate
CipherList = list of ciphers the client agrees to use
Key = location of users private key
SslMode =

Please will you provide an in-depth guide on how to set this up? Also, according to the PostgreSQL documentation here :-
http://www.postgresql.org/docs/8.1/static/ssl-tcp.html

"When the root.crt file is not present, client certificates will not be requested or checked. In this mode, SSL provides communication security but not authentication."

...client authentication is optional and we should be able to omit it and only encrypt the communication without any client authentication. I have already implemented this with my client's PostgreSQL installation - please can you let me know how to implement this with your provider?

Thanks, Hedley

Post by Shalex » Mon 31 Aug 2009 07:54

1. We have sent you by e-mail the updated Using Secure Connections article. It will be available in our documentation in the near future.

2. If root.crt is not set at the PostgreSQL server side, the server will not check the client certificate (client.crt and client.key do not need to be set at the client side, because they will not be used).
If root.crt is not set at the client side, the client will not check the server certificate.
Therefore, the server and client should be configured without root.crt to use SSL without authentication.
Shalex
Devart Team
 

Post by hmuscroft » Mon 31 Aug 2009 09:05

Thanks Shalex - got it up-and-running now. There's a typo in the documentation. It says :-

- client certificate (for example client.crt) - used to encrypt and decrypt data during connection.
- private key (for example client.crt) - proves client certificate sent by owner; does not indicate certificate owner is trustworthy.

The second item should read "private key (for example client.key)".

Thanks again.
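The two setups described in Shalex's reply, written against the SslOptions members listed in the first post. This is an added example, not code from the thread or from Devart's documentation; the file paths and helper names are hypothetical, and it assumes the provider's Devart.Data.PostgreSql namespace.

```csharp
using System;
using System.IO;
using Devart.Data.PostgreSql;

static class SslConnectionExample
{
    // Encryption only: CACert, Cert and Key are left unset, so (per the reply
    // above) the client does not check the server certificate. The traffic is
    // encrypted, but the identity of the server is not verified.
    static PgSqlConnection OpenEncryptedOnly(string connectionString)
    {
        var conn = new PgSqlConnection(connectionString);
        conn.SslOptions.SslMode = SslMode.Require;
        conn.Open();
        return conn;
    }

    // Encryption with certificates: the CA certificate is set on the client and
    // the client certificate and private key are presented to the server.
    // A missing file stops the connection attempt instead of quietly ending up
    // in the unauthenticated setup above.
    static PgSqlConnection OpenWithCertificates(
        string connectionString, string caCert, string clientCert, string clientKey)
    {
        foreach (var path in new[] { caCert, clientCert, clientKey })
            if (!File.Exists(path))
                throw new FileNotFoundException("SSL file missing, not connecting", path);

        var conn = new PgSqlConnection(connectionString);
        conn.SslOptions.CACert = caCert;      // authority certificate (root.crt)
        conn.SslOptions.Cert = clientCert;    // client certificate (client.crt)
        conn.SslOptions.Key = clientKey;      // client private key (client.key)
        conn.SslOptions.SslMode = SslMode.Require;
        conn.Open();
        return conn;
    }

    static void Main()
    {
        const string cs = "user id=postgres;password=postgres;host=localhost;";
        // Hypothetical file locations; adjust to where the certificates are stored.
        using (var conn = OpenWithCertificates(
            cs, @"E:\Test\root.crt", @"E:\Test\client.crt", @"E:\Test\client.key"))
            Console.WriteLine("Connected, server version " + conn.ServerVersion);
    }
}
```

For the second setup to authenticate the client as well, root.crt must also be present on the PostgreSQL server, as the quoted PostgreSQL documentation states.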

