|View Issue Details|
|Type||Category||Severity||Reproducibility||Date Submitted||Last Update|
|design defect||[Openbravo ERP] A. Platform||major||have not tried||2019-08-13 09:30||2019-08-13 09:31|
|Priority||normal||Resolution||open||Fixed in Version|
|Status||new||Fix in branch||Fixed in SCM revision|
|OS Version||Database version||Ant version|
|Product Version||SCM revision|
|Review Assigned To|
|Regression introduced in release|
|Regression introduced by commit|
|Triggers an Emergency Pack||No|
0041638: Not possible to configure jdbc connection to Postgres using SSL in a usable way
|Description||In some scenarios it is wanted to use SSL encryption between the application and the database which is a feature supported by jdbc.|
Currently openbravo does not allow to configure this in any usable way and relies on workarounds getting it to work only partially.
To configure it using postgres database it is requried to add ssl=true connection parameter when creating the database connection.
Openbravo currently constructs a jdbc URL String to connect to the database. In that URL connection properties come at the end of the String.
Currently people use the fact and in most connections the bbdd.sid line from Openbravo.properties (database name) is the last value used to build said URL and just change it from i.e.
While that makes typical things work with SSL it immediately causes some regressions and other code assuming (correctly) that bbdd.sid is the database name now needs to strip out that extra values (i.e. openbravo-backup scripts where patched to do that).
- install.source has code not using above database name as it needs to create the database initially. Meaning that code will not use SSL and when ssl is required on db side cause issues like 41296.
- Other code may connect to jdbc differently than assumed above and again miss to use SSL i.e. 41314.
|Steps To Reproduce||Setup postgres database with SSL connection and configure pg_hba.conf to use 'hostssl' effectively requiring SSL to be used.|
|Proposed Solution||Add a new Openbravo.properties line i.e. bbdd.params to define any jdbc connection parameter (like ssl).|
Find & fix every code creating a database connection to properly use that new parameter.
- pi code running Openbravo itself (in tomcat)
- every build.xml target working with the database
- scripts used in CI
The last 3 are important if we ever want to add automated tests for this scenario (ssl required on jdbc level)
|Tags||No tags attached.|
|2019-08-13 09:30||shuehner||New Issue|
|2019-08-13 09:30||shuehner||Assigned To||=> platform|
|2019-08-13 09:30||shuehner||Modules||=> Core|
|2019-08-13 09:30||shuehner||Triggers an Emergency Pack||=> No|
|2019-08-13 09:30||shuehner||Relationship added||blocks 0041296|
|2019-08-13 09:31||shuehner||Relationship added||blocks 0041314|
|Copyright © 2000 - 2009 MantisBT Group|