This patch extends jTDS to allow a custom SSLSocketFactory implementation to be used instead of the standard ones built into the driver. This allows the library user to customise a fair amount of the SSL connection with the database, in particular:
Two new configuration properties have been added to support this:
This still requires that the existing 'ssl' configuration property is set to either 'request', 'require', or 'authenticate': request still only enables SSL if supported by the database; require and authenticate are treated identically if a custom SSL socket factory is in use as it now has responsibility for server authentication. If the custom SSL socket factory is not in use then the 'ssl' configuration property continues to operate in exactly the same way as before.
I have refactored how the socket factory is created a little, so that it is done earlier in the process, so that errors with the custom socket factory configuration (e.g. invalid class name, inaccessible class, etc.) are now reported earlier and indicate what the problem is.
The patch is attached and can also be found at https://gist.github.com/davidbryant/446dcb82fa10bc0400f6.
Note that this patch does not resolve the hang when establishing an SSL connection with the JRE BEAST mitigation enabled as reported in bug#690.
Anonymous
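As an added illustration (not part of the patch or of jTDS), this is the kind of custom factory that takes on the server authentication the description above hands to it: it trusts only the CAs in one trust store and checks the server name against the certificate. The class name, the `example.truststore` system properties, the public no-arg constructor and the TLSv1.2 policy are assumptions; the page does not show how the patch loads the class or names its properties.

```java
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;

// Hypothetical example class; not taken from the patch.
public class PinnedTrustSocketFactory extends SSLSocketFactory {
    private static final String[] PROTOCOLS = {"TLSv1.2"}; // example policy; must match what the server offers
    private final SSLSocketFactory delegate;

    // Assumption: the driver creates the factory through a public no-arg constructor.
    public PinnedTrustSocketFactory() throws GeneralSecurityException, IOException {
        // Assumed system properties for this example only; they are not jTDS settings.
        String path = java.util.Objects.requireNonNull(System.getProperty("example.truststore"), "example.truststore not set");
        char[] pass = System.getProperty("example.truststore.password", "").toCharArray();
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            trust.load(in, pass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // only certificates chaining to this store are accepted
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);
        delegate = ctx.getSocketFactory();
    }

    // Applied to every socket the factory hands out: fixed protocol list plus hostname verification.
    private Socket harden(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        SSLParameters p = ssl.getSSLParameters();
        p.setProtocols(PROTOCOLS);
        p.setEndpointIdentificationAlgorithm("HTTPS"); // handshake fails if the name does not match the certificate
        ssl.setSSLParameters(p);
        return ssl;
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { return harden(delegate.createSocket(s, host, port, autoClose)); }
    @Override public Socket createSocket(String host, int port) throws IOException { return harden(delegate.createSocket(host, port)); }
    @Override public Socket createSocket(String host, int port, InetAddress la, int lp) throws IOException { return harden(delegate.createSocket(host, port, la, lp)); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return harden(delegate.createSocket(host, port)); }
    @Override public Socket createSocket(InetAddress host, int port, InetAddress la, int lp) throws IOException { return harden(delegate.createSocket(host, port, la, lp)); }
}
```

Sockets created from a bare `InetAddress` carry no host name, so with this policy they only pass verification when the certificate lists that IP address.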