My application must make an SSL connection to a MariaDB instance.
Here is my connection string:
jdbc:mariadb://:3306/?serverSslCert=&jdbcCompliantTruncation=false&verifyServerCertificate=true&useSSL=true&enabledSslProtocolSuites=TLSv1.1&autoReconnect=true
This worked fine, but now my application needs to create an HTTPS connection and present a client certificate.
HttpClientBuilder hcb = HttpClients.custom();
hcb.useSystemProperties();
hcb.setUserAgent(AGENT);
hcb.setDefaultCookieStore(new BasicCookieStore());
SSLContext sslContext = SSLContexts.createSystemDefault();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
hcb.setSSLSocketFactory(sslsf);
client = hcb.build();
When I start my application with javax.net.ssl.keyStore set, I get the following exception:
org.springframework.jdbc.CannotGetJdbcConnectionException: Could not get JDBC Connection; nested exception is org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Could not connect to :3306: Unsupported record version Unknown-0.0)
at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:80)
at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:573)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:637)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:666)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:674)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:718)
at gov.dni.search.intelsync.common.dao.MySQLDAO.getSyncRecords(MySQLDAO.java:71)
at gov.dni.search.intelsync.common.client.SyncClient.getSyncRecords(SyncClient.java:283)
at gov.dni.search.intelsync.common.ExporterUpdater.call(ExporterUpdater.java:53)
at gov.dni.search.intelsync.common.ExporterUpdater.call(ExporterUpdater.java:22)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Could not connect to :3306: Unsupported record version Unknown-0.0)
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549)
at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388)
at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:111)
at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:77)
… 15 more
Caused by: java.sql.SQLNonTransientConnectionException: Could not connect to :3306: Unsupported record version Unknown-0.0
at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.get(ExceptionMapper.java:156)
at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.getException(ExceptionMapper.java:118)
at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.throwException(ExceptionMapper.java:92)
at org.mariadb.jdbc.Driver.connect(Driver.java:111)
at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38)
at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556)
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545)
… 19 more
Caused by: java.sql.SQLException: Could not connect to :3306: Unsupported record version Unknown-0.0
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.handleConnectionPhases(AbstractConnectProtocol.java:712)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connect(AbstractConnectProtocol.java:405)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1028)
at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:483)
at org.mariadb.jdbc.Driver.connect(Driver.java:106)
… 23 more
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-0.0
at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:524)
at sun.security.ssl.InputRecord.read(InputRecord.java:509)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.handleConnectionPhases(AbstractConnectProtocol.java:686)
… 27 more
So it would seem that the app can either make a secure database connection (required) or identify itself to an HTTP server (also required).
I am using mariadb-java-client-1.6.2.jar but have tried the latest version that is compatible with Java 7 (1.7.1) and still get the same error.
My primary question is: am I doing something wrong, or is it not possible to use a secured connection to MariaDB while having javax.net.ssl.keyStore set? Do I need to put the (MariaDB) server certificate in the keystore?
Barring that, is there some other way that I can tell my HttpClient to use the keystore without providing it through javax.net.ssl.keyStore?
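
An added example, not part of the original post: one way to hand HttpClient a client certificate through its own SSLContext, so that javax.net.ssl.keyStore stays unset and the JVM-wide TLS defaults are left as they were when the database connection worked. The class name and the parameters (keystore path, type, passwords, user agent) are assumptions; only JDK JSSE calls and the HttpClient calls already used in the post appear.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;

public final class ClientCertHttpClient {

    /**
     * Builds an HttpClient whose TLS context carries the client certificate
     * from the given keystore. The keystore path, type and passwords are
     * hypothetical parameters; javax.net.ssl.keyStore is never read or set.
     */
    public static CloseableHttpClient build(String keyStorePath, String keyStoreType,
            char[] storePassword, char[] keyPassword, String agent) throws Exception {
        // Load the client key and certificate chain from the file.
        KeyStore keyStore = KeyStore.getInstance(keyStoreType); // e.g. "JKS" or "PKCS12"
        try (InputStream in = new FileInputStream(keyStorePath)) {
            keyStore.load(in, storePassword);
        }

        // Key managers select the client certificate during the handshake.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);

        // Null trust managers and SecureRandom select the JVM defaults, so server
        // certificates are still validated against the default trust store.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), null, null);

        HttpClientBuilder hcb = HttpClients.custom();
        hcb.setUserAgent(agent);
        hcb.setDefaultCookieStore(new BasicCookieStore());
        // An explicitly set socket factory is used instead of the system-default one.
        hcb.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext));
        return hcb.build();
    }
}
```

The keystore password should come from protected configuration rather than source code, and the keystore file should be readable only by the application's account.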