From 0d932916aa8ae44d57e447f25e8375a221b8fc5a Mon Sep 17 00:00:00 2001
From: "eugene.livis" <elivis@basistech.com>
Date: Thu, 19 Oct 2023 17:00:21 -0400
Subject: [PATCH] Fixes to get SSL working

---
 .../src/org/sleuthkit/datamodel/CaseDatabaseFactory.java  | 4 +++-
 .../java/src/org/sleuthkit/datamodel/SleuthkitCase.java   | 8 ++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java b/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
index da21a76cf..6e3ffe683 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
@@ -716,7 +716,9 @@ Connection getConnection(String databaseName) throws TskCoreException {
 			if (info.isSslEnabled()) {
 				// ssl=true: enables SSL encryption. 
 				// NonValidatingFactory avoids hostname verification.
-				url.append("?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory");
+				// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can�t be encrypted. 
+                // In this mode, the JDBC driver accepts all server certificates.
+				url.append("?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require");
 			}
 			
 			Connection conn;
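Review bot: The URL built here still leaves the server unauthenticated. `sslfactory=org.postgresql.ssl.NonValidatingFactory` skips certificate validation altogether (chain as well as hostname), so `sslmode=require` guarantees encryption, but a party able to intercept the connection can present any certificate and receive the database credentials and case data. The same string is added in `tryConnect` and in `PostgreSQLConnections` in SleuthkitCase.java. If validation has to stay off for self-signed deployments, the retained comment should say so plainly, for example `// NonValidatingFactory: server certificate is NOT validated (chain or hostname); traffic is encrypted but the server is not authenticated.` A validated option (`sslmode=verify-full` with the driver's default factory and a configured `sslrootcert`) would be worth offering as a setting; getConnection starts and ends outside this hunk.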
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
index bb832bd52..01e59f885 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -297,7 +297,9 @@ public static void tryConnect(CaseDbConnectionInfo info) throws TskCoreException
 			if (info.isSslEnabled()) {
 				// ssl=true: enables SSL encryption. 
 				// NonValidatingFactory avoids hostname verification.
-				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory";
+				// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can�t be encrypted. 
+                // In this mode, the JDBC driver accepts all server certificates.
+				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
 			}
 			Connection conn = DriverManager.getConnection(connectionURL, info.getUserName(), info.getPassword()); //NON-NLS
 			if (conn != null) {
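Review bot: This is the second of three copies of the same literal (`CaseDatabaseFactory.getConnection` and `PostgreSQLConnections` carry the others), so the TLS parameters can drift apart on the next change. A single shared constant, e.g. `static final String POSTGRES_SSL_PARAMS = "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";`, referenced from all three sites would keep them in step and give one place to tighten certificate validation later. The constant name is only a suggestion, and tryConnect's body continues outside the hunk.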
@@ -13406,7 +13408,9 @@ private final class PostgreSQLConnections extends ConnectionPool {
 			if (info.isSslEnabled()) {
 				// ssl=true: enables SSL encryption. 
 				// NonValidatingFactory avoids hostname verification.
-				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory";
+				// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can�t be encrypted. 
+                // In this mode, the JDBC driver accepts all server certificates.
+				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
 			}
 			comboPooledDataSource.setJdbcUrl(connectionURL);
 			comboPooledDataSource.setUser(info.getUserName());
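Review bot: The two added comment lines need a cleanup. The apostrophe in "can't" shows as a replacement character on this page, which suggests a non-ASCII quote was committed, and the second line is indented with spaces while the surrounding lines use tabs. Suggested wording: `// sslmode=require: encryption is mandatory; the connection fails if it cannot be encrypted.` followed by `// In this mode the JDBC driver accepts all server certificates.` on a tab-indented line. The same two lines appear in the other two hunks of this patch.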
-- 
GitLab