PostgreSQL SSL CA Certificate configuration option

Description

The client needs a CA certificate in .pem format to check the SSL/TLS certificate presented by the PostgreSQL server:
https://vertx.io/docs/vertx-pg-client/java/#_using_ssl_tls

Add an option to the PostgreSQL configuration that contains that CA .pem certificate.
If that option is used, the module requires an SSL/TLS connection and a valid server certificate when connecting to PostgreSQL by setting sslmode=verify-full.

Required unit tests:
If the option is set:

  • Connection is rejected if the connection is unencrypted.

  • Connection is rejected if the connection uses SSLv2Hello, SSLv3, TLSv1, TLSv1.1 or TLSv1.2 (only TLSv1.3 is allowed).

  • Connection is rejected if the server certificate is valid but is not issued for the hostname configured in DB_HOST.
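One way to wire the option so that all three rejections above follow from the client settings, as an added example that is not the module's own code. It assumes the Vert.x 4.x `PgConnectOptions` API; the option name `DB_CA_PEM` and the class name `PgTlsOptions` are hypothetical, since the page names neither.

```java
import io.vertx.core.buffer.Buffer;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.pgclient.PgConnectOptions;
import io.vertx.pgclient.SslMode;
import java.util.Collections;
import java.util.Map;

public final class PgTlsOptions {
  // Hypothetical option name; the page does not name the option.
  static final String CA_PEM_KEY = "DB_CA_PEM";

  private PgTlsOptions() {}

  /** Builds connect options from an environment-style map (pass System.getenv()). */
  public static PgConnectOptions fromEnv(Map<String, String> env) {
    PgConnectOptions options = new PgConnectOptions();
    // The host set here is also the name the server certificate is checked against.
    options.setHost(env.getOrDefault("DB_HOST", "localhost"));

    String caPem = env.get(CA_PEM_KEY);
    if (caPem == null || caPem.trim().isEmpty()) {
      return options; // option not set: TLS settings stay at the client defaults
    }
    if (!caPem.contains("-----BEGIN CERTIFICATE-----")) {
      // Fail at startup instead of at the first connection attempt.
      throw new IllegalArgumentException(CA_PEM_KEY + " does not contain a PEM certificate");
    }

    // Require TLS and verify both the certificate chain and the host name,
    // so an unencrypted connection is never accepted as a fallback.
    options.setSslMode(SslMode.VERIFY_FULL);
    // Endpoint identification algorithm used for the host name check.
    options.setHostnameVerificationAlgorithm("HTTPS");
    // Use the configured CA certificate as the trust anchor.
    options.setPemTrustOptions(new PemTrustOptions().addCertValue(Buffer.buffer(caPem)));
    // Offer TLSv1.3 only; a server limited to older protocols fails the handshake.
    options.setEnabledSecureTransportProtocols(Collections.singleton("TLSv1.3"));
    return options;
  }
}
```

The required unit tests can assert on the returned options directly (`getSslMode()`, `getEnabledSecureTransportProtocols()`) and then exercise the rejections against a test server.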

Environment

None

Potential Workaround

None

Done

Details


Development Team

Core: Platform

Created January 8, 2020 at 10:49 AM
Updated February 10, 2022 at 9:02 PM
Resolved February 10, 2022 at 9:02 PM