Bug #101536 | tls1.2 issue | ||
---|---|---|---|
Submitted: | 10 Nov 2020 9:54 | Modified: | 19 Jan 2021 4:23 |
Reporter: | zhijian wang | Email Updates: | |
Status: | Duplicate | Impact on me: | |
Category: | MySQL Router | Severity: | S3 (Non-critical) |
Version: | 8.0.22 | OS: | CentOS (8.2) |
Assigned to: | MySQL Verification Team | CPU Architecture: | Any |
[10 Nov 2020 9:54]
zhijian wang
[10 Nov 2020 14:46]
MySQL Verification Team
Hi,

Thanks for reporting the bug. The only advice is to downgrade to 8.0.21 for now till we fix this.

all best
Bogdan
[12 Nov 2020 13:54]
MySQL Verification Team
Hi,

Did you try also updating the java connector to 8.0.22?

all best
Bogdan
[12 Nov 2020 14:42]
MySQL Verification Team
Hi

Two more questions
- what connector are you using now
- can you connect directly to mysql server (without router) with it

thanks
Bogdan
[19 Nov 2020 0:38]
zhijian wang
Hi

1. we use openjdk-11.0.9, which is the latest version
2. there is no issue if we skip mysqlrouter. it works well if connect to mysql-MGR-cluster directly with SSL
[20 Nov 2020 9:31]
MySQL Verification Team
Hi,

> 1. we use openjdk-11.0.9,which is the latest version

that is java version, but what version of MySQL connector you use with it?

> 2.there is no issue if we skip mysqlrouter. it works well if connect to mysql-MGR-cluster directly with SSL

If I understood ok you used .21 router and server and upgraded both to .22. If you upgrade only mysqld to .22 and leave router to .21 does it work ok?

thanks
Bogdan
[24 Nov 2020 1:06]
zhijian wang
Hi,

Hi

> 1. we use openjdk-11.0.9,which is the latest version
> that is java version, but what version of MySQL connector you use with it?

A: we use mysql-connector-java-8.0.22.jar

2. Yes, if we upgrade only mysql-MGR-cluster to .22 and leave router .21, it works ok.
[1 Dec 2020 14:18]
MySQL Verification Team
Hi,

Our dev team is having issues reproducing this properly. I will be testing their procedure too but can you please test on your system too. Here's what they did:

- I set up a new cluster from scratch with MySQL Shell 8.0.22 and MySQL Server 8.0.22. I forced TLSv1.2 in my.cnf (by default connections were established using TLSv1.3; which also works fine)
- I bootstrapped Router 8.0.22 against it
- I installed MySQL Connectors/J 8.0.22 and OpenJDK 11.0.9, and ran my Java "helloworld" program, and it works just fine.

Can you provide more detail about your setup? Or could you try running my simple program (adjust it as needed) to see if it works for you? Details follow.
[1 Dec 2020 14:19]
MySQL Verification Team
```
$ mysqlsh -i -e "dba.getCluster().status()" root:r@0:3310
MySQL Shell 8.0.22

Copyright (c) 2016, 2020, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.

Type '\help' or '\?' for help; '\quit' to exit.
WARNING: Using a password on the command line interface can be insecure.
Creating a session to 'root@0:3310'
Fetching schema names for autocompletion... Press ^C to stop.
Your MySQL connection id is 98
Server version: 8.0.22 MySQL Community Server - GPL
No default schema selected; type \use <schema> to set one.
{
    "clusterName": "mycluster",
    "defaultReplicaSet": {
        "name": "default",
        "primary": "192.168.43.111:3310",
        "ssl": "REQUIRED",
        "status": "OK",
        "statusText": "Cluster is ONLINE and can tolerate up to ONE failure.",
        "topology": {
            "192.168.43.111:3310": {
                "address": "192.168.43.111:3310",
                "mode": "R/W",
                "readReplicas": {},
                "replicationLag": null,
                "role": "HA",
                "status": "ONLINE",
                "version": "8.0.22"
            },
            "192.168.43.111:3320": {
                "address": "192.168.43.111:3320",
                "mode": "R/O",
                "readReplicas": {},
                "replicationLag": null,
                "role": "HA",
                "status": "ONLINE",
                "version": "8.0.22"
            },
            "192.168.43.111:3330": {
                "address": "192.168.43.111:3330",
                "mode": "R/O",
                "readReplicas": {},
                "replicationLag": null,
                "role": "HA",
                "status": "ONLINE",
                "version": "8.0.22"
            }
        },
        "topologyMode": "Single-Primary"
    },
    "groupInformationSourceMember": "192.168.43.111:3310"
}

$ mysql -uroot --password=$HA_PASS -h 0 -P 6446 -e "SELECT @@version"
mysql: [Warning] Using a password on the command line interface can be insecure.
+-----------+
| @@version |
+-----------+
| 8.0.22    |
+-----------+

# all 3 nodes have analogous configs. Everything was autogenerated by Shell
# except 3 lines I added right before `[client]` (`general_log`,
# `general_log_file` and `tls_version`), and restarted the cluster.
$ cat ~/mysql-sandboxes/3310/my.cnf
[mysqld]
port = 3310
loose_mysqlx_port = 33100
server_id = 2806562773
socket = mysqld.sock
loose_mysqlx_socket = mysqlx.sock
basedir = /usr
datadir = /home/benny/mysql-sandboxes/3310/sandboxdata
loose_log_syslog = OFF
report_port = 3310
report_host = 192.168.43.111
log_error = /home/benny/mysql-sandboxes/3310/sandboxdata/error.log
relay_log_info_repository = TABLE
master_info_repository = TABLE
gtid_mode = ON
log_slave_updates = ON
transaction_write_set_extraction = XXHASH64
binlog_format = ROW
log_bin
enforce_gtid_consistency = ON
pid_file = /home/benny/mysql-sandboxes/3310/3310.pid
secure_file_priv = /home/benny/mysql-sandboxes/3310/mysql-files
general_log_file = /home/benny/mysql-sandboxes/3310/sandboxdata/general.log
general_log = 1
tls_version = TLSv1.2

[client]
port = 3310
user = root
protocol = TCP
```

JAVA VERSIONS

```
$ javac --version
javac 11.0.9
$ java --version
openjdk 11.0.9 2020-10-20
OpenJDK Runtime Environment 18.9 (build 11.0.9+11)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.9+11, mixed mode)
$ echo $CLASSPATH
/usr/share/java/mysql-connector-java-8.0.22.jar:
```

JAVA OUTPUT

```
$ javac FirstExample.java && java FirstExample 6446
[Inf] Port number = 6446
Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary.
Connecting ...
Running query ...
  Ssl_cipher = ECDHE-RSA-AES256-GCM-SHA384
  Ssl_version = TLSv1.2
Goodbye!

# lines logged by Router
2020-12-01 13:24:16 routing DEBUG [7fb8c3fff700] [routing:mycluster_rw] fd=43 connection accepted at 0.0.0.0:6446
2020-12-01 13:24:16 routing DEBUG [7fb8ecd40700] fd=43: trying 192.168.43.111:3310 (192.168.43.111:3310)
2020-12-01 13:24:16 routing DEBUG [7fb8ecd40700] [routing:mycluster_rw] fd=43 connected 127.0.0.1:50504 -> 192.168.43.111:3310 as fd=44
2020-12-01 13:24:16 routing DEBUG [7fb8ecd40700] [routing:mycluster_rw] fd=43 -- 44: connection closed (up: 3822b; down: 2118b)

# lines logged in Server general log
2020-12-01T13:24:16.697941Z 119 Connect root@c18 on mysql using SSL/TLS
2020-12-01T13:24:16.707062Z 119 Query /* mysql-connector-java-8.0.22 (Revision: d64b664fa93e81296a377de031b8123a67e6def2) */SELECT @@session.auto_increment_increment AS auto_increment_increment, @@character_set_client AS character_set_client, @@character_set_connection AS character_set_connection, @@character_set_results AS character_set_results, @@character_set_server AS character_set_server, @@collation_server AS collation_server, @@collation_connection AS collation_connection, @@init_connect AS init_connect, @@interactive_timeout AS interactive_timeout, @@license AS license, @@lower_case_table_names AS lower_case_table_names, @@max_allowed_packet AS max_allowed_packet, @@net_write_timeout AS net_write_timeout, @@performance_schema AS performance_schema, @@sql_mode AS sql_mode, @@system_time_zone AS system_time_zone, @@time_zone AS time_zone, @@transaction_isolation AS transaction_isolation, @@wait_timeout AS wait_timeout
2020-12-01T13:24:16.732939Z 119 Query SET NAMES utf8mb4
2020-12-01T13:24:16.733832Z 119 Query SET character_set_results = NULL
2020-12-01T13:24:16.734952Z 119 Query SET autocommit=1
2020-12-01T13:24:16.746943Z 119 Query SELECT * FROM performance_schema.session_status WHERE VARIABLE_NAME IN ('Ssl_version','Ssl_cipher')
2020-12-01T13:24:16.804785Z 119 Quit
```
[1 Dec 2020 14:19]
MySQL Verification Team
JAVA SOURCE

```
$ cat FirstExample.java
import java.sql.*;

public class FirstExample {
    // REFERENCE: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-jdbc-url-format.html
    // build and run: javac FirstExample.java && java FirstExample 3306

    static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";
    static final String DB_URL_PREFIX = "jdbc:mysql://localhost:";
    static final String DB = "mysql";

    // Database credentials
    static final String USER = "root";
    static final String PASS = "r";

    public static void main(String[] args) {
        // get port number
        String port;
        if (args.length < 1) {
            System.err.println("[Err] Port number not given");
            return;
        } else {
            port = args[0];
            System.err.println("[Inf] Port number = " + port);
        }

        Connection conn = null;
        Statement stmt = null;
        try {
            // register JDBC driver
            Class.forName("com.mysql.jdbc.Driver");

            // connect
            System.out.println("Connecting ...");
            conn = DriverManager.getConnection(DB_URL_PREFIX + port + "/" + DB,USER,PASS);

            if(false) {
                //+---------------------------------+-----------+
                //| user                            | host      |
                //+---------------------------------+-----------+
                //| mysql_innodb_cluster_2806562773 | %         |
                //| mysql_router1_ah41gbwqowmq      | %         |
                //| root                            | %         |
                //| mysql.infoschema                | localhost |
                //| mysql.session                   | localhost |
                //| mysql.sys                       | localhost |
                //| root                            | localhost |
                //+---------------------------------+-----------+

                // run query
                System.out.println("Running query ...");
                stmt = conn.createStatement();
                String sql = "SELECT user, host from mysql.user";
                ResultSet rs = stmt.executeQuery(sql);

                // process results
                while(rs.next()) {
                    System.out.println(" " + rs.getString("user") + "@" + rs.getString("host"));
                }

                // cleanup
                rs.close();
                stmt.close();
                conn.close();
            } else {
                //+---------------+-----------------------------+
                //| VARIABLE_NAME | VARIABLE_VALUE              |
                //+---------------+-----------------------------+
                //| Ssl_cipher    | ECDHE-RSA-AES128-GCM-SHA256 |
                //| Ssl_version   | TLSv1.2                     |
                //+---------------+-----------------------------+

                // run query
                System.out.println("Running query ...");
                stmt = conn.createStatement();
                String sql = "SELECT * FROM performance_schema.session_status WHERE VARIABLE_NAME IN ('Ssl_version','Ssl_cipher')";
                ResultSet rs = stmt.executeQuery(sql);

                // process results
                while(rs.next()) {
                    System.out.println(" " + rs.getString("VARIABLE_NAME") + " = " + rs.getString("VARIABLE_VALUE"));
                }

                // cleanup
                rs.close();
                stmt.close();
                conn.close();
            }
        } catch(SQLException se) {
            // handle errors from JDBC
            se.printStackTrace();
        } catch(Exception e) {
            // handle errors from Class.forName
            e.printStackTrace();
        } finally {
            // clean up
            try {
                if(stmt!=null)
                    stmt.close();
            } catch(SQLException dummy) {
                // nothing we can do
            }
            try {
                if(conn!=null)
                    conn.close();
            } catch(SQLException se) {
                se.printStackTrace();
            }
        }
        System.out.println("Goodbye!");
    }
}
```

ROUTER VERSION AND CONFIG

```
$ bin/mysqlrouter --version
MySQL Router Ver 8.0.22 for Linux on x86_64 (MySQL Community - GPL)

# Configuration is as bootstrap generated it, except for lines starting with
# '#' which I overrode with my own versions
$ cat /usr/local/router-instance/mysqlrouter.conf
# File automatically generated during MySQL Router bootstrap
[DEFAULT]
#logging_folder=/usr/local/router-instance/log
logging_folder=
runtime_folder=/usr/local/router-instance/run
data_folder=/usr/local/router-instance/data
keyring_path=/usr/local/router-instance/data/keyring
master_key_path=/usr/local/router-instance/mysqlrouter.key
connect_timeout=15
read_timeout=30
dynamic_state=/usr/local/router-instance/data/state.json

[logger]
#level = INFO
level = DEBUG

[metadata_cache:mycluster]
cluster_type=gr
router_id=1
user=mysql_router1_ah41gbwqowmq
metadata_cluster=mycluster
#ttl=0.5
ttl=60
auth_cache_ttl=-1
#auth_cache_refresh_interval=2
auth_cache_refresh_interval=60
use_gr_notifications=0

[routing:mycluster_rw]
bind_address=0.0.0.0
bind_port=6446
destinations=metadata-cache://mycluster/?role=PRIMARY
routing_strategy=first-available
protocol=classic

[routing:mycluster_ro]
bind_address=0.0.0.0
bind_port=6447
destinations=metadata-cache://mycluster/?role=SECONDARY
routing_strategy=round-robin-with-fallback
protocol=classic

[routing:mycluster_x_rw]
bind_address=0.0.0.0
bind_port=64460
destinations=metadata-cache://mycluster/?role=PRIMARY
routing_strategy=first-available
protocol=x

[routing:mycluster_x_ro]
bind_address=0.0.0.0
bind_port=64470
destinations=metadata-cache://mycluster/?role=SECONDARY
routing_strategy=round-robin-with-fallback
protocol=x

[http_server]
port=8443
ssl=1
ssl_cert=/usr/local/router-instance/data/router-cert.pem
ssl_key=/usr/local/router-instance/data/router-key.pem

[http_auth_realm:default_auth_realm]
backend=default_auth_backend
method=basic
name=default_realm

[rest_router]
require_realm=default_auth_realm

[rest_api]

[http_auth_backend:default_auth_backend]
backend=metadata_cache

[rest_routing]
require_realm=default_auth_realm

[rest_metadata_cache]
require_realm=default_auth_realm
```
[2 Dec 2020 10:35]
Pawel Mroszczyk
Same program running again, but with SSL debug enabled
Attachment: debug_ssl.txt (text/plain), 102.26 KiB.
[2 Dec 2020 13:31]
MySQL Verification Team
Hi,

Since the router team had issues reproducing this I got my setup up to reproduce it again and I found that I was not reproducing the padding issue but was not paying enough attention and just reproduced the "not verified cert" problem that's not a bug.

So using
- mysqld 8.0.22
- MySQL innodb cluster with 8.0.22 servers
- MySQL router 8.0.22
- openjdk 11 + MySQL connector 8.0.22

I have no issues reproducing.

simplest code example:

```
[root@centos7-1 ~]# cat bug.java
import java.sql.*;

public class bug {
    static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";
    static final String USER = "root";
    static final String PASS = "";

    public static void main(String[] args) {
        Connection conn = null;
        Statement stmt = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // conn = DriverManager.getConnection("jdbc:mysql://localhost:3307/mysql?useSSL=true&requireSSL=true&verifyServerCertificate=true", USER, PASS);
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3307/mysql?useSSL=true&requireSSL=true&verifyServerCertificate=false", USER, PASS);
            // conn = DriverManager.getConnection("jdbc:mysql://localhost:3307/mysql?useSSL=true&requireSSL=true", USER, PASS);
            stmt = conn.createStatement();
            String sql = "select CHANNEL, VALUE from performance_schema.tls_channel_status where PROPERTY = 'Current_tls_version'";
            ResultSet rs = stmt.executeQuery(sql);
            while(rs.next()) System.out.println(" " + rs.getString("CHANNEL") + " = " +rs.getString("VALUE"));
            rs.close();
            stmt.close();
            conn.close();
        } catch(SQLException se) {
            se.printStackTrace();
        } catch(Exception e) {
            e.printStackTrace();
        } finally {
            try { if(stmt!=null) stmt.close(); } catch(SQLException dummy) { }
            try { if(conn!=null) conn.close(); } catch(SQLException se) { se.printStackTrace(); }
        }
    }
}
[root@centos7-1 ~]# javac bug.java
[root@centos7-1 ~]# java -cp mysql-connector-java-8.0.22.jar:. bug
Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary.
 mysql_main = TLSv1.2
 mysql_admin = TLSv1,TLSv1.1,TLSv1.2
[root@centos7-1 ~]# java -version
openjdk version "11.0.9" 2020-10-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.9+11-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.9+11-LTS, mixed mode, sharing)
[root@centos7-1 ~]# javac -version
javac 11.0.9
[root@centos7-1 ~]#
```
[2 Dec 2020 13:32]
MySQL Verification Team
Hi,

Can you please follow example in the attached file and turn on debugging as described here: https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html

Thanks
Bogdan
[2 Dec 2020 13:33]
MySQL Verification Team
Hi,

Also, can you please use config as our router team is using to see if you will reproduce the problem

thanks
Bogdan
[3 Dec 2020 6:46]
zhijian wang
Hi,

Our testing environment:

1、java version

```
openjdk version "11.0.9" 2020-10-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.9+11-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.9+11-LTS, mixed mode, sharing)
```

2、/etc/mysqlrouter/mysqlrouter.conf

Version: MySQL Router Ver 8.0.22 for Linux on x86_64 (MySQL Community - GPL)

/etc/mysqlrouter/mysqlrouter.conf

```
# File automatically generated during MySQL Router bootstrap
[DEFAULT]
name=system
user=mysqlrouter
keyring_path=/var/lib/mysqlrouter/keyring
master_key_path=/etc/mysqlrouter/mysqlrouter.key
connect_timeout=15
read_timeout=30
dynamic_state=/var/lib/mysqlrouter/state.json

[logger]
level = INFO

[metadata_cache:wxMysqlTestCluster1]
cluster_type=gr
router_id=3
user=mysql_router3_q5ew3texai86
metadata_cluster=wxMysqlTestCluster1
ttl=0.5
auth_cache_ttl=-1
auth_cache_refresh_interval=2
use_gr_notifications=0
#ssl_mode=DISABLED

[routing:wxMysqlTestCluster1_rw]
bind_address=0.0.0.0
bind_port=6446
destinations=metadata-cache://wxMysqlTestCluster1/?role=PRIMARY
routing_strategy=first-available
protocol=classic
#ssl_mode=DISABLED

[routing:wxMysqlTestCluster1_ro]
bind_address=0.0.0.0
bind_port=6447
destinations=metadata-cache://wxMysqlTestCluster1/?role=SECONDARY
routing_strategy=round-robin-with-fallback
protocol=classic

[routing:wxMysqlTestCluster1_x_rw]
bind_address=0.0.0.0
bind_port=64460
destinations=metadata-cache://wxMysqlTestCluster1/?role=PRIMARY
routing_strategy=first-available
protocol=x

[routing:wxMysqlTestCluster1_x_ro]
bind_address=0.0.0.0
bind_port=64470
destinations=metadata-cache://wxMysqlTestCluster1/?role=SECONDARY
routing_strategy=round-robin-with-fallback
protocol=x

[http_server]
port=8443
ssl=1
ssl_cert=/var/lib/mysqlrouter/router-cert.pem
ssl_key=/var/lib/mysqlrouter/router-key.pem

[http_auth_realm:default_auth_realm]
backend=default_auth_backend
method=basic
name=default_realm

[rest_router]
require_realm=default_auth_realm

[rest_api]

[http_auth_backend:default_auth_backend]
backend=metadata_cache

[rest_routing]
require_realm=default_auth_realm

[rest_metadata_cache]
require_realm=default_auth_realm
```

3、mysqlshell and Cluster:

```
[root@dorado ~]# mysqlsh
MySQL Shell 8.0.22

Copyright (c) 2016, 2020, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.

Type '\help' or '\?' for help; '\quit' to exit.
 MySQL  JS > \connect root@dorado
Creating a session to 'root@dorado'
Fetching schema names for autocompletion... Press ^C to stop.
Your MySQL connection id is 44 (X protocol)
Server version: 8.0.22 MySQL Community Server - GPL
No default schema selected; type \use <schema> to set one.
 MySQL  dorado:33060+ ssl  JS > var cluster=dba.getCluster('')
Dba.getCluster: The cluster with the name '' does not exist. (MYSQLSH 51101)
 MySQL  dorado:33060+ ssl  JS > var cluster=dba.getCluster()
 MySQL  dorado:33060+ ssl  JS > cluster.status()
{
    "clusterName": "wxMysqlTestCluster1",
    "defaultReplicaSet": {
        "name": "default",
        "primary": "delphinus:3306",
        "ssl": "REQUIRED",
        "status": "OK",
        "statusText": "Cluster is ONLINE and can tolerate up to ONE failure.",
        "topology": {
            "delphinus:3306": {
                "address": "delphinus:3306",
                "mode": "R/W",
                "readReplicas": {},
                "replicationLag": null,
                "role": "HA",
                "status": "ONLINE",
                "version": "8.0.22"
            },
            "dorado:3306": {
                "address": "dorado:3306",
                "mode": "R/O",
                "readReplicas": {},
                "replicationLag": null,
                "role": "HA",
                "status": "ONLINE",
                "version": "8.0.22"
            },
            "volans:3306": {
                "address": "volans:3306",
                "mode": "R/O",
                "readReplicas": {},
                "replicationLag": null,
                "role": "HA",
                "status": "ONLINE",
                "version": "8.0.22"
            }
        },
        "topologyMode": "Single-Primary"
    },
    "groupInformationSourceMember": "delphinus:3306"
}
 MySQL  dorado:33060+ ssl  JS >
```

#########################

I will test again after adding option TLS1.2 force in my.cnf
[3 Dec 2020 14:05]
MySQL Verification Team
Hi,

I cannot reproduce even if I don't have that in my.cnf. Can you try my code example (modify for yourself)?

```
[root@centos7-1 ~]# cat bug.java
import java.sql.*;

public class bug {
    static final String USER = "root";
    static final String PASS = "";

    public static void main(String[] args) {
        Connection conn = null;
        Statement stmt = null;
        try {
            Class.forName("com.mysql.cj.jdbc.Driver");
            // configure here location of your router
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3307/mysql?useSSL=true&requireSSL=true&verifyServerCertificate=false&enabledTLSProtocols=TLSv1.2&sslMode=REQUIRED", USER, PASS);
            stmt = conn.createStatement();
            String sql = "select CHANNEL, VALUE from performance_schema.tls_channel_status where PROPERTY = 'Current_tls_version'";
            ResultSet rs = stmt.executeQuery(sql);
            while(rs.next()) System.out.println(" " + rs.getString("CHANNEL") + " = " +rs.getString("VALUE"));
            rs.close();
            stmt.close();
            conn.close();
        } catch(SQLException se) {
            se.printStackTrace();
        } catch(Exception e) {
            e.printStackTrace();
        } finally {
            try { if(stmt!=null) stmt.close(); } catch(SQLException dummy) { }
            try { if(conn!=null) conn.close(); } catch(SQLException se) { se.printStackTrace(); }
        }
    }
}
[root@centos7-1 ~]# java -cp mysql-connector-java-8.0.22.jar:. bug
```
[3 Dec 2020 14:06]
MySQL Verification Team
and if you can reproduce, please turn on SSL debugging as we mentioned before

Thanks
Bogdan
[4 Dec 2020 1:57]
zhijian wang
port 3007? is it mysqlrouter-rw-port number?
[4 Dec 2020 1:58]
zhijian wang
3307? is it mysqlrouter-rw port number?
[4 Dec 2020 12:36]
MySQL Verification Team
Hi,

Yes, 3307 is RW port on my router but please adapt the host/port/user/pass to your system

all best
Bogdan
[7 Dec 2020 3:15]
zhijian wang
Hi,

My test result is below:

```
mysql_main = TLSv1.2
mysql_admin = TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
```
[8 Dec 2020 20:00]
MySQL Verification Team
Hi,

> My test result is below:
>
> mysql_main = TLSv1.2
> mysql_admin = TLSv1,TLSv1.1,TLSv1.2,TLSv1.3

So you managed to successfully connect and did not experience the bug? Can you now modify that example so that you get bug?

thanks
Bogdan
[9 Dec 2020 2:35]
zhijian wang
Hi,

So far, I've summed up the test

===Before MySql-Route update to 8.0.22, Everything is OK===

===After MySql-Route update, issues===

Environment 1:

Program dependencies and parameters:
- mysql-connector-java-8.0.22.jar
- HikariCP-3.4.1.jar
- spring-data-jpa-2.2.3.RELEASE.jar
- Query page size=10000

issues below:

```
WARN:SQL Error: 0, SQLState: S1000
ERROR:GenericJDBCException: could not extract ResultSet
Caused by: java.sql.SQLException: arraycopy: last source index 96 out of bounds for byte[76]
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129) ~[mysql-connector-java-8.0.22.jar:8.0.22]
```

Environment 2:

Program dependencies and parameters:
- commons-dbcp-1.4.jar
- mysql-connector-java-8.0.12.jar
- ResultSet >1000。

issue below:

```
java.sql.SQLException: Invalid TLS padding data
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129) ~[mysql-connector-java-8.0.12.jar:8.0.12]
```

Solution 1: MySql Route downgrade to 8.0.21

Solution 2: control Query Size or Result size within 1000。

Solution 3: add option sslMode=disabled in jdbcUrl
[9 Dec 2020 17:55]
MySQL Verification Team
Hi,

When I'm getting a bigger select result I get

```
java.sql.SQLException: Tag mismatch!
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129)
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
        at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
        at com.mysql.cj.jdbc.StatementImpl.executeQuery(StatementImpl.java:1200)
        at bug.main(bug.java:18)
```

and this is a different bug where mysqlrouter .22 can't handle big result set, has nothing to do with SSL, but I cannot reproduce your padding error.

Looking at your last reply looks like you get padding error only with old connector so I assume the SSL here is only hiding a known bug for .22 about "big results". If you cannot reproduce the problem with "small result set" (and looking at your previous test with my example you cannot) then this is just after effect of the known bug (that will be sorted out quickly).

I'm marking this as a duplicate of Bug# 101406

Kind regards
Bogdan
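A probe for the symptom this thread converges on (errors through Router that appear only once the result set grows while TLS is in use), added here as an example and not code from the report or from MySQL. It keeps `sslMode=REQUIRED` and `enabledTLSProtocols=TLSv1.2` from the test program above; the class name, the `PROBE_DB_PASS` environment variable, the row counts and the recursive-CTE row generator are assumptions of this example.

```java
import java.sql.*;

// Added example, not code from the bug report. Host/port/user arguments and the
// PROBE_DB_PASS environment variable are placeholders chosen for this example.
public class TlsResultProbe {
    // TLS stays on for every probe; sslMode and enabledTLSProtocols are the
    // Connector/J URL options already used in this thread.
    static final String URL_TEMPLATE =
        "jdbc:mysql://%s:%s/mysql?sslMode=REQUIRED&enabledTLSProtocols=TLSv1.2";
    // Sizes bracket the ~1000-row threshold the reporter describes.
    static final int[] ROW_COUNTS = {10, 100, 1000, 10000, 100000};
    // Fragments of the three exception messages quoted in this thread.
    static final String[] RECORD_ERRORS =
        {"Invalid TLS padding data", "Tag mismatch", "arraycopy"};

    /** True if any exception in the cause chain carries one of the thread's messages. */
    static boolean looksLikeRecordCorruption(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            String msg = String.valueOf(c.getMessage());
            for (String needle : RECORD_ERRORS) {
                if (msg.contains(needle)) return true;
            }
        }
        return false;
    }

    /** Reads back the negotiated protocol and cipher, as the thread's test programs do. */
    static String tlsInfo(Connection conn) throws SQLException {
        String sql = "SELECT VARIABLE_NAME, VARIABLE_VALUE FROM performance_schema.session_status "
                   + "WHERE VARIABLE_NAME IN ('Ssl_version','Ssl_cipher') ORDER BY VARIABLE_NAME";
        StringBuilder sb = new StringBuilder();
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                if (sb.length() > 0) sb.append(", ");
                sb.append(rs.getString(1)).append('=').append(rs.getString(2));
            }
        }
        return sb.toString();
    }

    /** Generates `rows` rows server-side (no table needed) and counts what arrives. */
    static int fetchRows(Connection conn, int rows) throws SQLException {
        try (Statement st = conn.createStatement()) {
            // Recursive CTEs stop at depth 1000 by default; raise it for this session.
            st.execute("SET SESSION cte_max_recursion_depth = " + (rows + 1));
        }
        String sql = "WITH RECURSIVE seq(n) AS "
                   + "(SELECT 1 UNION ALL SELECT n + 1 FROM seq WHERE n < ?) "
                   + "SELECT n, REPEAT('x', 64) AS pad FROM seq";
        int received = 0;
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, rows);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) received++;
            }
        }
        return received;
    }

    public static void main(String[] args) {
        String pass = System.getenv("PROBE_DB_PASS");
        if (args.length < 3 || pass == null) {
            System.err.println("usage: PROBE_DB_PASS=... java TlsResultProbe <host> <port> <user>");
            return;
        }
        String url = String.format(URL_TEMPLATE, args[0], args[1]);
        for (int rows : ROW_COUNTS) {
            // A broken TLS stream leaves the connection unusable, so reconnect per size.
            try (Connection conn = DriverManager.getConnection(url, args[2], pass)) {
                String tls = tlsInfo(conn);
                int got = fetchRows(conn, rows);
                System.out.printf("%7d rows: OK, %d received (%s)%n", rows, got, tls);
            } catch (SQLException e) {
                String verdict = looksLikeRecordCorruption(e)
                    ? "record-level failure after the handshake"
                    : "other failure (handshake, certificate, auth or network)";
                System.out.printf("%7d rows: FAILED, %s: %s%n", rows, verdict, e.getMessage());
            }
        }
    }
}
```

Sizes that pass and then fail with a record-level error point at the transport path rather than the TLS settings, so the test can stay encrypted throughout. `sslMode=REQUIRED` encrypts without verifying the server certificate; `VERIFY_CA` or `VERIFY_IDENTITY` with a configured trust store is the setting for production URLs.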
[10 Dec 2020 1:53]
zhijian wang
Hi, Thank you very much. I will try the future version and reply you the result, thank you.
[10 Dec 2020 5:46]
Pawel Mroszczyk
Posted by developer:

Marking this as a duplicate of BUG#32081158
[19 Jan 2021 4:23]
zhijian wang
yum update issue:

```
MySQL 8.0 Community Server                 206 kB/s | 1.3 MB     00:06
MySQL Connectors Community                  21 kB/s |  49 kB     00:02
MySQL Tools Community                       45 kB/s | 188 kB     00:04
Last metadata expiration check: 0:00:01 ago on Tue 19 Jan 2021 12:19:56 PM CST.
Error:
 Problem: package mysql-community-libs-8.0.22-1.el8.x86_64 requires mysql-community-client-plugins = 8.0.22-1.el8, but none of the providers can be installed
  - cannot install both mysql-community-client-plugins-8.0.23-1.el8.x86_64 and mysql-community-client-plugins-8.0.22-1.el8.x86_64
  - cannot install the best update candidate for package mysql-community-client-plugins-8.0.22-1.el8.x86_64
  - problem with installed package mysql-community-libs-8.0.22-1.el8.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
```