Posted to issues@activemq.apache.org by "Simon Lundstrom (JIRA)" <ji...@apache.org> on 2017/10/11 12:10:00 UTC
[jira] [Created] (AMQ-6836) JVM trustStore does not propagate to JDBC
Simon Lundstrom created AMQ-6836:
------------------------------------
Summary: JVM trustStore does not propagate to JDBC
Key: AMQ-6836
URL: https://issues.apache.org/jira/browse/AMQ-6836
Project: ActiveMQ
Issue Type: Bug
Components: JDBC
Affects Versions: 5.15.1
Environment: {code}
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
# java -version
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
{code}
Reporter: Simon Lundstrom
When configuring ActiveMQ to use JDBC and MySQL with SSL, the JVM's trustStore does not propagate to the MySQL driver.
Neither the JVM's default trustStore {{jre/lib/security/cacerts}} nor a trustStore configured with {{-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts}} is used when connecting to MySQL.
For it to work, you *have* to configure it with {{trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts}} in the JDBC URL.
We have tested this by writing code that uses both plain JDBC and DBCP, and both of those work using the default cacert file and one specified with {{-Djavax.net.ssl.trustStore}}.
Example code:
{code}
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.commons.dbcp2.BasicDataSource;
import javax.sql.DataSource;

public class Launcher {
    public static void main(String[] args) throws SQLException, ClassNotFoundException {
        // Require TLS and verify the server certificate against the trust store.
        StringBuffer sb = new StringBuffer("jdbc:mysql://hostname/database?useSSL=true&");
        sb.append("useJDBCCompliantTimezoneShift=true&requireSSL=true&verifyServerCertificate=true&connectTimeout=5000&socketTimeout=5000&queryTimeoutKillsConnection=true&");
        sb.append("poolPreparedStatements=true&validationQuery=select 1&");
        // Left commented out: the explicit trust store is not needed here,
        // the JVM trust store is picked up by the driver.
        // sb.append("trustCertificateKeyStorePassword=changeit&");
        // sb.append("trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts&");
        sb.append("user=user&password=password");

        DataSource dataSource = setupDataSource(sb.toString());
        Connection c = dataSource.getConnection();
        Statement st = c.createStatement();
        ResultSet rs = st.executeQuery("SELECT 1 as id");
        while (rs.next()) {
            System.out.println(rs.getInt("id"));
        }
        rs.close();
        st.close();
        c.close();
    }

    // Builds a DBCP pool around the MySQL driver for the given JDBC URL.
    public static DataSource setupDataSource(String connectURI) {
        BasicDataSource ds = new BasicDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl(connectURI);
        return ds;
    }
}
{code}