Comments - About MariaDB Connector/J

5 years, 7 months ago Mark

I am using the following connection string

jdbc:mariadb:${db.server.name}:${db.server.port}/${db.name}?serverSslCert=<path to pem file>&jdbcCompliantTruncation=false&verifyServerCertificate=true&useSSL=true&enabledSslProtocolSuites=TLSv1.1&autoReconnect=true&disableSslHostnameVerification=true

I use this connection in an application which also acts as a client to servers requiring client authentication; the authentication information is provided via javax.net.ssl.keyStore(Password) properties which point to a JKS file. When defined, these properties interfere with the database connection and cause it to fail with

Unsupported record version Unknown-0.0

but when I run without these properties the connection works fine. I surmise that the driver is using these properties instead of the provided serverSslCert property; is there a way to make the driver ignore the javax.net.ssl.* properties and work with what is given in its serverSslCert property?

 
5 years, 7 months ago Diego Dupin

I imagine that the double slash have been removed due to posting format.

The connection string seems right.

That is strange because this message seems to correspond to this error https://jira.mariadb.org/browse/MDEV-12190 : When server is compiled with yassl and connector send a TLSv1.2 version, then yassl implementation was lost and send this exact message. these has been corrected since MDEV-12190. It seems that options are not taken in account. maybe the &amp; to replace & when using jboss for example ?

 
5 years, 7 months ago Mark

We are using a 10.1.x version of MariaDb so perhaps you have identified the problem. I will see about upgrading and hope that this problem will be resolved.

 
5 years, 7 months ago Mark

The "&amp;" are included because I took this out of an XML document where the '&' characters have to be encoded. I will check with our admins to see what version of MariaDb we are running. Thank you for your suggestion.

 
5 years, 7 months ago Diego Dupin

MDEV-12190 has been backported recently 10.1 too, so an update to latest 10.1.x version must be sufficient.

 
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.