I can connect to a MariaDB instance through ProxySQL (using SSL):

    E:\>mysql -h 192.168.33.180 -P 6033 -u user --password=password --ssl
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MySQL connection id is 38364
    Server version: 5.5.30 (ProxySQL)

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MySQL [(none)]>

But when I try to connect using a Java client:

    private static final String MARIADB_URL = "jdbc:mariadb://192.168.33.180:6033/offenderconnect";
    private static final String MARIADB_USER = "user";
    private static final String MARIADB_PASSWORD = "password";

    private static final Properties properties = new Properties();

    static {
        properties.put("useSSL", "true");
        properties.put("user", MARIADB_USER);
        properties.put("password", MARIADB_PASSWORD);
    }
    ...

    try (Connection connectionMariaDB = DriverManager.getConnection(MARIADB_URL, properties)) {
        ...
    }

The exception output is:

    java.sql.SQLNonTransientConnectionException: Could not connect to address=(host=192.168.33.180)(port=6033)(type=master) : Could not connect to 192.168.33.180:6033 : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1394)
        at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:635)
        at org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:150)
        at org.mariadb.jdbc.Driver.connect(Driver.java:89)
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:189)
        at com.gtl.datamigration.App.checkTable(App.java:211)
        at com.gtl.datamigration.App.lambda$5(App.java:447)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
    Caused by: java.sql.SQLNonTransientConnectionException: Could not connect to 192.168.33.180:6033 : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73)
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:185)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:575)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1389)
        ... 10 more
    Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1356)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1231)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1174)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1418)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1324)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.sslWrapper(AbstractConnectProtocol.java:658)
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:541)
        ... 11 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
        at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
        at java.base/sun.security.validator.Validator.validate(Validator.java:264)
        at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1340)
        ... 24 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
        ... 30 more

I tried this with no luck.

Using

    -Djavax.net.debug=all

the following additional information appears:

    javax.net.ssl|DEBUG|0D|pool-1-thread-1|2021-06-23 15:05:34.869 COT|CertificateMessage.java:1171|Consuming server Certificate handshake message (
    "Certificate": {
      "certificate_request_context": "",
      "certificate_list": [
      {
        "certificate" : {
          "version"            : "v3",
          "serial number"      : "60 D2 2A 99",
          "signature algorithm": "SHA256withRSA",
          "issuer"             : "CN=ProxySQL_Auto_Generated_CA_Certificate",
          "not before"         : "2021-06-22 13:23:21.000 COT",
          "not  after"         : "2031-06-20 13:23:21.000 COT",
          "subject"            : "CN=ProxySQL_Auto_Generated_Server_Certificate",
          "subject public key" : "RSA"}
        "extensions": {
          <no extension>
        }
      },
      {
        "certificate" : {
          "version"            : "v3",
          "serial number"      : "60 D2 2A 99",
          "signature algorithm": "SHA256withRSA",
          "issuer"             : "CN=ProxySQL_Auto_Generated_CA_Certificate",
          "not before"         : "2021-06-22 13:23:21.000 COT",
          "not  after"         : "2031-06-20 13:23:21.000 COT",
          "subject"            : "CN=ProxySQL_Auto_Generated_CA_Certificate",
          "subject public key" : "RSA",
          "extensions"         : [
            {
              ObjectId: 2.5.29.19 Criticality=true
              BasicConstraints:[
                CA:false
                PathLen: undefined
              ]
            }
          ]}
        "extensions": {
          <no extension>
        }
      },
    ]
    }
    )

Please give me some hints to try.

1 Answer

Finally it worked:

We need to set

trustServerCertificate = true and usePipelineAuth = false

    static {
        properties.put("user", MARIADB_USER);
        properties.put("password", MARIADB_PASSWORD);
        properties.put("useSSL", "true");
        properties.put("trustServerCertificate", "true");
        properties.put("usePipelineAuth", "false");
    }

Answered 2021-06-25T16:25:14.600
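
Added example, not part of the original answer or of the driver's own code: `trustServerCertificate=true` tells MariaDB Connector/J not to check the server certificate at all, so this variant keeps the check by pointing the driver's `serverSslCert` option at a local copy of the proxy's certificate and inspecting that file first. The class name and the file name `proxysql-ca.pem` are assumptions; the URL, credentials and `usePipelineAuth` setting are taken from the question and answer.

```java
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class VerifiedProxySqlConnect {
    // URL is from the question; the PEM file name is an assumed local copy of the proxy's certificate.
    static final String URL = "jdbc:mariadb://192.168.33.180:6033/offenderconnect";
    static final Path TRUSTED_PEM = Path.of("proxysql-ca.pem");

    static X509Certificate load(Path pem) throws Exception {
        try (InputStream in = Files.newInputStream(pem)) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // throws if expired or not yet valid
            return cert;
        }
    }

    // SHA-256 fingerprint, to compare with one computed on the ProxySQL host.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return String.format("%064x", new BigInteger(1, d));
    }

    static Properties tlsProperties(String user, String password, Path pem) {
        Properties p = new Properties();
        p.put("user", user);
        p.put("password", password);
        p.put("useSSL", "true");
        p.put("serverSslCert", pem.toAbsolutePath().toString()); // validate against this file
        // The subject in the debug output does not name the host, so name matching is off.
        p.put("disableSslHostnameVerification", "true");
        p.put("usePipelineAuth", "false"); // kept from the answer
        return p;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = load(TRUSTED_PEM);
        System.out.println(cert.getSubjectX500Principal() + " sha256=" + fingerprint(cert)
                + " isCA=" + (cert.getBasicConstraints() >= 0));
        try (Connection c = DriverManager.getConnection(URL, tlsProperties("user", "password", TRUSTED_PEM))) {
            System.out.println("Connected with certificate verification: " + c.isValid(5));
        }
    }
}
```

The `isCA` value printed here corresponds to the `BasicConstraints` entry in the debug output above, where the certificate with subject `CN=ProxySQL_Auto_Generated_CA_Certificate` reports `CA:false`.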