Skip to content

Fixes ISSUE-41638: Not possible to configure jdbc connection to Postgres using SSL in a usable way

Cristian Berner requested to merge openbravo/devel/openbravo:fix/41638-jdbc-ssl into master

A new property is added that allows putting extra properties on the url connection to database, allowing extra parameters. These extra properties allows configuring for example the jdbc to be connected through ssl with different modes.

# Some of the [available options](https://jdbc.postgresql.org/documentation/ssl/#configuring-the-client):
#  - disable: I don’t care about security and don’t want to pay the overhead for encryption
#  - require: I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want.
#  - verify-full: I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it’s the one I specify.
bbdd.props=sslmode=?

Proof of concept

Related MRs

Testing

Try retail job is no longer available, but these are the results:

image

To take into account

  • Check mobile-test and backoffice-test, they have their own jdbc connections.
  • build.xml <condition property="bbdd.owner.url" value="${bbdd.url}/${bbdd.sid}" else="${bbdd.url}">
  • build-create.xml <condition property="bbdd.owner.url" value="${bbdd.url}/${bbdd.sid}" else="${bbdd.url}">
  • database/build.xml <condition property="bbdd.owner.url" value="${bbdd.url}/${bbdd.sid}" else="${bbdd.url}">
  • ConfigurationApp process used to modify the Openbravo.properties interactively, it might need the new props to also be modifiable
  • ModuleManagement usage of DB sid.
  • WADConnection, understand how to launch its execution.
  • reporting modules and usage of reporting database
  • mod-merged-rds jobs should be updated or their appliances should use sslmode=verify-full: https://builds.openbravo.com/view/modules/job/mod-merged-rds-pg12-amd/
Edited by Cristian Berner

Merge request reports