Closed dajudge closed 4 years ago
Thanks for bringing this issue up. It makes sense to align with Microsoft's JDBC driver in terms of configuration options. I'd suggest to introduce trustStore
and trustStorePassword
options to allow a String
-based configuration in the first place. Loading trust material during connection initialization allows for just-in-time selection of certificates. An already-loaded KeyStore
does not necessarily reflect changes to the trust material during runtime.
On a related note, the Postgres driver accepts a customizer function (sslContextBuilderCustomizer(Function<SslContextBuilder, SslContextBuilder> sslContextBuilderCustomizer)
) that allows very detailed customizations of the SSL behavior. We should add a similar configuration possibility as well. I created #152 to track the SSL customizer.
I updated the PR #150 according to your proposed alternative solution w/ trustStore
& trustStorePassword
.
Feature Request
Allow custom trust store for server certificate verification.
Is your feature request related to a problem? Please describe
In some situations it's not desirable to verify the server certificate against the JVM's default trust store.
Describe the solution you'd like
Allow configuration of a custom trust store for certificate verification.
Describe alternatives you've considered
None
Teachability, Documentation, Adoption, Migration Strategy
None