Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-7652

Can not connect to SQL Azure with SSL connection

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.6
    • Component/s: Database
    • Labels:

      Description

      Attempting to connect to SQL Azure over an encrypted connection fails with the SSL Error below. This is a bug of MSSQL JDBC 4.1 driver which is fixed in 4.2. Note that downgrading to 4.0 also fixes the issue.

      Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". ClientConnectionId:c83321b5-8ab8-43e1-8ffa-e6316303111d)
       at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) ~[commons-dbcp-1.4.jar:1.4]
       at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) ~[commons-dbcp-1.4.jar:1.4]
       at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) ~[commons-dbcp-1.4.jar:1.4]
       at org.sonar.db.profiling.NullConnectionInterceptor.getConnection(NullConnectionInterceptor.java:31) ~[sonar-db-5.5.jar:na]
       at org.sonar.db.profiling.ProfiledDataSource.getConnection(ProfiledDataSource.java:323) ~[sonar-db-5.5.jar:na]
       at org.sonar.db.DefaultDatabase.checkConnection(DefaultDatabase.java:102) ~[sonar-db-5.5.jar:na]
       ... 30 common frames omitted
      Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". ClientConnectionId:c83321b5-8ab8-43e1-8ffa-e6316303111d
       at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1668) ~[sqljdbc41.jar:na]
       at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668) ~[sqljdbc41.jar:na]
       at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1324) ~[sqljdbc41.jar:na]
       at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:992) ~[sqljdbc41.jar:na]
       at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:828) ~[sqljdbc41.jar:na]
       at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012) ~[sqljdbc41.jar:na]
       at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38) ~[commons-dbcp-1.4.jar:1.4]
       at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582) ~[commons-dbcp-1.4.jar:1.4]
       at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556) ~[commons-dbcp-1.4.jar:1.4]
       at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545) ~[commons-dbcp-1.4.jar:1.4]
       ... 35 common frames omitted
      Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.
       at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_91]
       at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_91]
       at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618) ~[sqljdbc41.jar:na]
       ... 43 common frames omitted
      Caused by: java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.
       at com.microsoft.sqlserver.jdbc.TDSChannel$HostNameOverrideX509TrustManager.validateServerNameInCertificate(IOBuffer.java:1431) ~[sqljdbc41.jar:na]
       at com.microsoft.sqlserver.jdbc.TDSChannel$HostNameOverrideX509TrustManager.checkServerTrusted(IOBuffer.java:1324) ~[sqljdbc41.jar:na]
       at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ~[na:1.8.0_91]
       ... 52 common frames omitted
      

      Upgrading to v4.2 requires to stop support of Java 7 (see SONAR-7587)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              simon.brandhof Simon Brandhof (Inactive)
              Reporter:
              simon.brandhof Simon Brandhof (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: