[CONJ-1080] maridb Java connector sslMode=verify-ca complaining unable to find trust certificate. Created: 2023-05-19  Updated: 2023-07-31  Resolved: 2023-07-31

Status: Closed
Project: MariaDB Connector/J
Component/s: JDBC compatibility
Affects Version/s: 3.1.2
Fix Version/s: 3.2.0

Type: Bug Priority: Major
Reporter: prasad mavuluru Assignee: Diego Dupin
Resolution: Fixed Votes: 0
Labels: None
Environment:

openjdk version "11.0.7" 2020-04-14
centos 7
mariadb-java 3.1.2


 Description   

Hi,

I am having issue after upgrading my DB from 3.2 to 3.6 with jdbc connector. we are using 3.1.2 version client driver to establish communication with db.

jdbc:mariadb://<<host>:3306/conviction?keyStore=/etc/pki/vault-db-dbadmin/keystore.p12&keyStorePassword=***********************************&trustStore=/etc/pki/vault-db-dbadmin/truststore.jks&trustStorePassword=***********************************&sslMode=verify-ca&enabledSslProtocolSuites=TLSv1.2&dumpQueriesOnException=false&keyStoreType=PKCS12&trustStoreType=JKS) for user '<user>': (conn=120412) Could not connect to <host>:3306 : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Connection id: 118429
Current database:
Current user: <masked-user>@<masked-host>
SSL: Cipher in use is DHE-RSA-AES256-SHA256
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 10.6.12-MariaDB-log MariaDB Server
Protocol version: 10
Connection: <db host> via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
TCP port: 3306
Uptime: 1 day 5 hours 13 min 1 sec

 Comments   
Comment by prasad mavuluru [ 2023-05-19 ]

previously useSSL=true was working fine

Comment by Diego Dupin [ 2023-06-02 ]

It seems culprit is beeing trustStoreType not taken in accound, using default java type, so for java 11 this is PKCS12.
Correction is done in 3.1.5-SNAPSHOT.

Is it possible to confirm correction using : 

<repositories>
 
    <repository>
 
        <id>sonatype-nexus-snapshots</id>
 
        <name>Sonatype Nexus Snapshots</name>
 
        <url>https://oss.sonatype.org/content/repositories/snapshots</url>
 
    </repository>
 
</repositories>
 
 
 
<dependencies>
 
    <dependency>
 
        <groupId>org.mariadb.jdbc</groupId>
 
        <artifactId>mariadb-java-client</artifactId>
 
        <version>3.1.5-SNAPSHOT</version>
 
    </dependency>
 
</dependencies>

Comment by Diego Dupin [ 2023-06-09 ]

prasadm1983 did you try with snapshot to confirm that correction will solve issue ?

Generated at Thu Feb 08 03:20:28 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.