Posted to issues@activemq.apache.org by "Simon Lundstrom (JIRA)" <ji...@apache.org> on 2017/10/11 12:10:00 UTC

[jira] [Created] (AMQ-6836) JVM trustStore does not propagate to JDBC

Simon Lundstrom created AMQ-6836:
------------------------------------

             Summary: JVM trustStore does not propagate to JDBC
                 Key: AMQ-6836
                 URL: https://issues.apache.org/jira/browse/AMQ-6836
             Project: ActiveMQ
          Issue Type: Bug
          Components: JDBC
    Affects Versions: 5.15.1
         Environment: {code}
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:        14.04
Codename:       trusty
# java -version
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
{code}
            Reporter: Simon Lundstrom


When configuring ActiveMQ to use JDBC and MySQL with SSL, the JVM's trustStore does not propagate to the MySQL driver.

Neither the JVM's default trustStore {{jre/lib/security/cacerts}} nor a trustStore configured with {{-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts}} is used when connecting to MySQL.

For it to work you *have* to configure it with {{trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts}} in the JDBC URL.

We have tested writing code that uses both plain JDBC and DBCP, and both of those work using the default cacert-file and one specified with {{-Djavax.net.ssl.trustStore}}.

Example code:
{code}
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.sql.DataSource;
import org.apache.commons.dbcp2.BasicDataSource;

public class Launcher {
  public static void main(String[] args) throws SQLException {
    // Require TLS and verify the server certificate against a trust store.
    StringBuilder sb = new StringBuilder("jdbc:mysql://hostname/database?useSSL=true&");
    sb.append("useJDBCCompliantTimezoneShift=true&requireSSL=true&verifyServerCertificate=true&connectTimeout=5000&socketTimeout=5000&queryTimeoutKillsConnection=true&");
    sb.append("poolPreparedStatements=true&validationQuery=select 1&");
    // Left commented out so that the JVM trust store (default cacerts or
    // -Djavax.net.ssl.trustStore) is used instead of one named in the URL.
    // sb.append("trustCertificateKeyStorePassword=changeit&");
    // sb.append("trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts&");
    sb.append("user=user&password=password");

    DataSource dataSource = setupDataSource(sb.toString());

    // try-with-resources closes the result set, statement and connection
    // even if the query or the TLS handshake throws.
    try (Connection c = dataSource.getConnection();
         Statement st = c.createStatement();
         ResultSet rs = st.executeQuery("SELECT 1 as id")) {
      while (rs.next()) {
        System.out.println(rs.getInt("id"));
      }
    }
  }

  // Build a DBCP pool around the MySQL driver for the given JDBC URL.
  public static DataSource setupDataSource(String connectURI) {
    BasicDataSource ds = new BasicDataSource();
    ds.setDriverClassName("com.mysql.jdbc.Driver");
    ds.setUrl(connectURI);
    return ds;
  }
}
{code}



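A diagnostic for the behaviour reported above, added here as an example and not part of the original report, ActiveMQ or the MySQL driver: it lists the CAs the JVM's default trust store resolves to (honouring {{-Djavax.net.ssl.trustStore}}) and compares them with the keystore file that would be named in {{trustCertificateKeyStoreUrl}}. The class name {{TrustStoreCheck}} and its single command-line argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Hypothetical diagnostic class; not part of ActiveMQ or the MySQL driver.
public class TrustStoreCheck {
  // Subject DNs of every CA a TrustManagerFactory trusts when initialised from ks.
  // ks == null selects the JVM default, which honours -Djavax.net.ssl.trustStore.
  static Set<String> trustedSubjects(KeyStore ks) throws Exception {
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    Set<String> subjects = new TreeSet<>();
    for (TrustManager tm : tmf.getTrustManagers()) {
      if (tm instanceof X509TrustManager) {
        for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
          subjects.add(ca.getSubjectX500Principal().getName());
        }
      }
    }
    return subjects;
  }
  // Usage: java [-Djavax.net.ssl.trustStore=...] TrustStoreCheck <keystore-file>
  public static void main(String[] args) throws Exception {
    if (args.length != 1) {
      System.err.println("usage: TrustStoreCheck <keystore-file>");
      System.exit(2);
    }
    System.out.println("javax.net.ssl.trustStore = "
        + System.getProperty("javax.net.ssl.trustStore", "(unset, JVM default)"));
    Set<String> jvm = trustedSubjects(null);
    // Load the file that would be named in trustCertificateKeyStoreUrl. For a JKS
    // file such as cacerts, a null password skips only the integrity check.
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream(args[0])) {
      ks.load(in, null);
    }
    Set<String> onlyInFile = new TreeSet<>(trustedSubjects(ks));
    onlyInFile.removeAll(jvm);
    System.out.println("JVM default trusts " + jvm.size() + " CAs; "
        + onlyInFile.size() + " CAs are only in " + args[0]);
    onlyInFile.forEach(s -> System.out.println("  only in file: " + s));
  }
}
```

If the CA that signed the MySQL server certificate appears under "only in file", the JVM-level trust store in that process does not contain it, which is a different problem from the driver ignoring the JVM trust store.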