我可以通过 ProxySQL(使用 ssl)连接到 MariaDB 实例:
E:\>mysql -h 192.168.33.180 -P 6033 -u user --password=password --ssl
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 38364 Server version: 5.5.30 (ProxySQL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
但是当我尝试使用 Java 客户端连接时:
private static final String MARIADB_URL = "jdbc:mariadb://192.168.33.180:6033/offenderconnect";
private static final String MARIADB_USER = "user";
private static final String MARIADB_PASSWORD = "password";
private static final Properties properties = new Properties();
static {
properties.put("useSSL", "true");
properties.put("user", MARIADB_USER);
properties.put`enter code here`("password", MARIADB_PASSWORD);
}
...
try (Connection connectionMariaDB = DriverManager.getConnection(MARIADB_URL, properties)) {
异常输出是:
java.sql.SQLNonTransientConnectionException:无法连接到地址=(主机=192.168.33.180)(端口=6033)(类型=主):无法连接到192.168.33.180:6033:PKIX路径构建失败:sun.security.provider .certpath.SunCertPathBuilderException:无法在 org.mariadb.jdbc.internal.util.exceptions 的 org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73) 中找到请求目标的有效认证路径。 org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java: org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1394) 635) 在 org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:150) 在 org.mariadb.jdbc.Driver.connect(Driver.java:89) 在 java.sql/java.sql。DriverManager.getConnection(DriverManager.java:677) at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:189) at com.gtl.datamigration.App.checkTable(App.java:211) at com.gtl .datamigration.App.lambda$5(App.java:447) 在 java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) 在 java.base/java.util.concurrent.ThreadPoolExecutor$Worker。在 java.base/java.lang.Thread.run(Thread.java:829) 运行(ThreadPoolExecutor.java:628) 原因:java.sql.SQLNonTransientConnectionException:无法连接到 192.168.33.180:6033:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在 org.mariadb.jdbc 的 org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73) 中找到请求目标的有效证书路径。内部的.util。exceptions.ExceptionFactory.create(ExceptionFactory.java:185) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:575) at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol. java:1389) ... 10 更多原因:javax.net.ssl.SSLHandshakeException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在 java.base/sun 中找到请求目标的有效证书路径.security.ssl.Alert.createSSLException(Alert.java:131) 在 java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349) 在 java.base/sun.security.ssl.TransportContext.fatal (TransportContext.java:292) 在 java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287) 在 java.base/sun.security.ssl。java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1231) 在 java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer 的 CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1356)。在 java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) 在 java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) 消费(CertificateMessage.java:1174)在 java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) 在 java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) 在 java.base/sun.security .ssl.SSLTransport.decode(SSLTransport.java:171) 在 java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1418) 在 java.base/sun.security.ssl.SSLSocketImpl。在 java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) 在 java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411) 的 readHandshakeRecord(SSLSocketImpl.java:1324)在 org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.sslWrapper(AbstractConnectProtocol.java:658) 在 org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:541) ... 11 更多原因: sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在 java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java) 中找到请求目标的有效证书路径:439) 在 java.base/sun.security.validator 的 java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)。Validator.validate(Validator.java:264) 在 java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) 在 java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java: 222) 在 java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1340) 的 java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ... 24更多原因:sun.security.provider.certpath.SunCertPathBuilderException:无法在 java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) 在 java.base 中找到请求目标的有效证书路径/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) 在 java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) 在 java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 30 更多
我尝试这个没有运气。
使用
-Djavax.net.debug=全部
出现以下附加信息:
javax.net.ssl|DEBUG|0D|pool-1-thread-1|2021-06-23 15:05:34.869 COT|CertificateMessage.java:1171|Consuming server Certificate handshake message ( "Certificate": { "certificate_request_context": "", "certificate_list": [ {
"certificate" : {
"version" : "v3",
"serial number" : "60 D2 2A 99",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=ProxySQL_Auto_Generated_CA_Certificate",
"not before" : "2021-06-22 13:23:21.000 COT",
"not after" : "2031-06-20 13:23:21.000 COT",
"subject" : "CN=ProxySQL_Auto_Generated_Server_Certificate",
"subject public key" : "RSA"}
"extensions": {
<no extension>
} }, {
"certificate" : {
"version" : "v3",
"serial number" : "60 D2 2A 99",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=ProxySQL_Auto_Generated_CA_Certificate",
"not before" : "2021-06-22 13:23:21.000 COT",
"not after" : "2031-06-20 13:23:21.000 COT",
"subject" : "CN=ProxySQL_Auto_Generated_CA_Certificate",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
}
]}
"extensions": {
<no extension>
} }, ] } )
请给我一些提示尝试。