From bc1992c34866da105baa76547fcea614f49d5736 Mon Sep 17 00:00:00 2001
From: "eugene.livis" <elivis@basistech.com>
Date: Mon, 30 Oct 2023 09:41:37 -0400
Subject: [PATCH] More work

---
 .../src/org/sleuthkit/datamodel/CaseDatabaseFactory.java    | 3 ++-
 .../java/src/org/sleuthkit/datamodel/SleuthkitCase.java     | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java b/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
index 6e3ffe683..075bcac5a 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/CaseDatabaseFactory.java
@@ -718,7 +718,8 @@ Connection getConnection(String databaseName) throws TskCoreException {
 				// NonValidatingFactory avoids hostname verification.
 				// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can�t be encrypted. 
                 // In this mode, the JDBC driver accepts all server certificates.
-				url.append("?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require");
+				//url.append("?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require");
+				url.append("?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&sslmode=verify-ca");
 			}
 			
 			Connection conn;
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
index 01e59f885..3a9985ccd 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -299,7 +299,8 @@ public static void tryConnect(CaseDbConnectionInfo info) throws TskCoreException
 				// NonValidatingFactory avoids hostname verification.
 				// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can�t be encrypted. 
                 // In this mode, the JDBC driver accepts all server certificates.
-				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
+				//connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
+				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&sslmode=verify-ca";
 			}
 			Connection conn = DriverManager.getConnection(connectionURL, info.getUserName(), info.getPassword()); //NON-NLS
 			if (conn != null) {
@@ -13410,7 +13411,8 @@ private final class PostgreSQLConnections extends ConnectionPool {
 				// NonValidatingFactory avoids hostname verification.
 				// sslmode=require: This mode makes the encryption mandatory and also requires the connection to fail if it can�t be encrypted. 
                 // In this mode, the JDBC driver accepts all server certificates.
-				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
+				//connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslmode=require";
+				connectionURL += "?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory&sslmode=verify-ca";
 			}
 			comboPooledDataSource.setJdbcUrl(connectionURL);
 			comboPooledDataSource.setUser(info.getUserName());
-- 
GitLab