I want to create and configure SSLContext object and then make mysql.jdbc.Driver use it for establishing secure connection. Is there an approach for it better then custom jdbc.Driver?
Add a comment
|
1 Answer
You can create a custom com.mysql.jdbc.SocketFactory class that creates SSLSockets using an SSLSocketFactory coming from this SSLContext. Then, you can pass that class name to the MySQL JDBC connector using the socketFactory property (see table in the documentation).
This needs to have a constructor with no parameters, but its Socket connect(String host, Properties props) method should get the JDBC properties via its props parameter (if you need).
Note that you should not only check the validity of your certificate, but also check that the host name matches. If you're using Java 7, this can be done like this before returning the SSLSocket you've just created:
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslSocket.setSSLParameters(sslParams);
(The host name matching rules for HTTPS should be sufficiently sensible for most protocols, including MySQL.)
1 Comment
Adrien
It seems it would replace the StandardSocketFactory[1], so you would lose all features relating to timeouts, keepalive and buffersize, wouldn't you? [1]docjar.com/html/api/com/mysql/jdbc/…