[AMQ-6836] JVM trustStore does not propagate to JDBC - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 5.15.1
Fix Version/s: None
Component/s: JDBC
Labels:
None
Environment:
Hide

# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.5 LTS Release: 14.04 Codename: trusty # java -version java version "1.8.0_112" Java(TM) SE Runtime Environment (build 1.8.0_112-b15) Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
Show
# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.5 LTS Release: 14.04 Codename: trusty # java -version java version "1.8.0_112" Java(TM) SE Runtime Environment (build 1.8.0_112-b15) Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)

Description

When configuring ActiveMQ to use JDBC and MySQL with SSL the JVMs trustStore does not propagate to the MySQL driver.

Neither the JVMs default trustStore jre/lib/security/cacerts nor if you configure a trustStore with -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts will be used when connecting to MySQL.

For it to work you have to configure it with trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts in the JDBC URL.

We have tested to write code which both uses plain JDBC and DBCP and both of those works by using the default cacert-file and one specified with -Djavax.net.ssl.trustStore.

Example code:

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.commons.dbcp2.BasicDataSource;
import javax.sql.DataSource;

public class Launcher {
  public static void main(String[] args) throws SQLException, ClassNotFoundException {
    StringBuffer sb = new StringBuffer("jdbc:mysql://hostname/database?useSSL=true&");
    sb.append("useJDBCCompliantTimezoneShift=true&requireSSL=true&verifyServerCertificate=true&connectTimeout=5000&socketTimeout=5000&queryTimeoutKillsConnection=true&");
    sb.append("poolPreparedStatements=true&validationQuery=select 1&");
    // sb.append("trustCertificateKeyStorePassword=changeit&");
    // sb.append("trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts&");
    sb.append("user=user&password=password");

    DataSource dataSource = setupDataSource(sb.toString());
    Connection c = dataSource.getConnection();

    Statement st = c.createStatement();
    ResultSet rs = st.executeQuery("SELECT 1 as id");
    while (rs.next()) {
      System.out.println(rs.getInt("id"));
    }
    rs.close(); st.close(); c.close();

  }
  public static DataSource setupDataSource(String connectURI) {
    BasicDataSource ds = new BasicDataSource();
    ds.setDriverClassName("com.mysql.jdbc.Driver");
    ds.setUrl(connectURI);
    return ds;
  }
}

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Simon Lundstrom

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Oct/17 12:09

Updated:: 11/Oct/17 12:09