Simon Lundstrom created AMQ-6836:
------------------------------------

             Summary: JVM trustStore does not propagate to JDBC
                 Key: AMQ-6836
                 URL: https://issues.apache.org/jira/browse/AMQ-6836
             Project: ActiveMQ
          Issue Type: Bug
          Components: JDBC
    Affects Versions: 5.15.1
         Environment: {code}
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:        14.04
Codename:       trusty
# java -version
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
{code}
            Reporter: Simon Lundstrom

When configuring ActiveMQ to use JDBC and MySQL with SSL, the JVM's trustStore does not propagate to the MySQL driver.

Neither the JVM's default trustStore {{jre/lib/security/cacerts}} nor a trustStore configured with {{-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts}} will be used when connecting to MySQL.

For it to work you *have* to configure it with {{trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts}} in the JDBC URL.

We have tested writing code that uses both plain JDBC and DBCP, and both of those work using the default cacert-file and one specified with {{-Djavax.net.ssl.trustStore}}.

Example code:
{code}
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.commons.dbcp2.BasicDataSource;
import javax.sql.DataSource;

public class Launcher {
    public static void main(String[] args) throws SQLException, ClassNotFoundException {
        // SSL is required and the server certificate must verify.
        StringBuffer sb = new StringBuffer("jdbc:mysql://hostname/database?useSSL=true&");
        sb.append("useJDBCCompliantTimezoneShift=true&requireSSL=true&verifyServerCertificate=true&connectTimeout=5000&socketTimeout=5000&queryTimeoutKillsConnection=true&");
        sb.append("poolPreparedStatements=true&validationQuery=select 1&");
        // Explicit trust store parameters are left commented out here.
        // sb.append("trustCertificateKeyStorePassword=changeit&");
        // sb.append("trustCertificateKeyStoreUrl=file:///etc/ssl/certs/java/cacerts&");
        sb.append("user=user&password=password");

        DataSource dataSource = setupDataSource(sb.toString());
        Connection c = dataSource.getConnection();
        Statement st = c.createStatement();
        ResultSet rs = st.executeQuery("SELECT 1 as id");
        while (rs.next()) {
            System.out.println(rs.getInt("id"));
        }
        rs.close();
        st.close();
        c.close();
    }

    // Build a DBCP pool around the MySQL driver for the given JDBC URL.
    public static DataSource setupDataSource(String connectURI) {
        BasicDataSource ds = new BasicDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl(connectURI);
        return ds;
    }
}
{code}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
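
The workaround described in the report, as an added Java example that is not part of the original message or of ActiveMQ's code: it resolves the trust store the JVM itself would use, checks that it opens and holds certificates, and appends it to the JDBC URL via `trustCertificateKeyStoreUrl`, so `verifyServerCertificate=true` can stay on. The class name `TrustStoreUrl` and its method names are hypothetical; the lookup order (system property, then `jssecacerts`, then `cacerts`) is the standard JSSE default, and the sample URL is constructed.

```java
import java.io.InputStream;
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;

// Added example (hypothetical class): mirror the JVM trust store into the
// Connector/J URL parameters named in the report.
public class TrustStoreUrl {

    // Resolve the trust store as JSSE does: system property, jssecacerts, cacerts.
    static Path resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null && !prop.isEmpty()) return Paths.get(prop);
        Path sec = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jsse = sec.resolve("jssecacerts");
        return Files.exists(jsse) ? jsse : sec.resolve("cacerts");
    }

    // Fail early if the store cannot be opened or holds no entries.
    static int countEntries(Path store, char[] password) throws Exception {
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, password); // a null password skips the integrity check
        }
        if (ks.size() == 0) throw new IllegalStateException("empty trust store: " + store);
        return ks.size();
    }

    // Append the explicit trust store parameters to an existing JDBC URL.
    static String withTrustStore(String baseUrl, Path store, String password) throws Exception {
        StringBuilder sb = new StringBuilder(baseUrl).append(baseUrl.contains("?") ? "&" : "?");
        sb.append("trustCertificateKeyStoreUrl=").append(store.toAbsolutePath().toUri());
        if (password != null) {
            sb.append("&trustCertificateKeyStorePassword=").append(URLEncoder.encode(password, "UTF-8"));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample URL; hostname and database are placeholders.
        String base = "jdbc:mysql://hostname/database?useSSL=true&requireSSL=true&verifyServerCertificate=true";
        String pw = System.getProperty("javax.net.ssl.trustStorePassword"); // may be unset
        Path store = resolveTrustStore();
        int n = countEntries(store, pw == null ? null : pw.toCharArray());
        System.err.println("trust store " + store + " holds " + n + " entries");
        System.out.println(withTrustStore(base, store, null)); // password omitted from printed output
    }
}
```

Pass the real password to `withTrustStore` only when building the URL handed to the data source, and keep that URL out of logs.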