Bug #15172 SSL Connection failure from Java to MySQL
Submitted: 23 Nov 2005 4:19
Modified: 13 Sep 2012 10:02
Reporter: Andre Pinkowski
Status: Closed
Category: Connector / J
Severity: S1 (Critical)
Version: MySQL Server 5.0.15
OS: Windows (Windows XP)
Assigned to:
CPU Architecture: Any

[23 Nov 2005 4:19] Andre Pinkowski
Description:
I recompiled mysqld with preprocessor option "HAVE_YASSL" then copied the new mysqld.exe into my already installed binary MySQL 5 directory (Both source and binary are 5.0.15).
Installed and ran as a Windows process.
Can connect to MySQL fine without SSL.
Generated my own SSL certificates with OpenSSL.
Included relevant ssl options in my.ini.
Imported certificates in Java Trust Store.
Built java test app to try to connect to MySQL dbms with SSL.
Ran the VM with relevant -Djavax.net.ssl.keyStore/trustStore properties.
Am using mysql-connector-java-3.1.11

Received the following exception when trying to connect with useSSL=true to the database. Without SSL it connects perfectly.

com.mysql.jdbc.CommunicationsException: Communications link failure due to under lying exception:

** BEGIN NESTED EXCEPTION **

javax.net.ssl.SSLHandshakeException
MESSAGE: Remote host closed connection during handshake

STACKTRACE:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:72)
        at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4235)
        at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1222)
        at com.mysql.jdbc.Connection.createNewIO(Connection.java:2544)
        at com.mysql.jdbc.Connection.<init>(Connection.java:1474)
        at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at DatabaseConnectionSSL.connect(DatabaseConnectionSSL.java:43)
        at DatabaseConnectionSSL.<init>(DatabaseConnectionSSL.java:24)
        at SSLTest.<init>(SSLTest.java:22)
        at SSLTest.main(SSLTest.java:44)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
        ... 15 more

** END NESTED EXCEPTION **

Last packet sent to the server was 593 ms ago.
        at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:87)
        at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4235)
        at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1222)
        at com.mysql.jdbc.Connection.createNewIO(Connection.java:2544)
        at com.mysql.jdbc.Connection.<init>(Connection.java:1474)
        at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at java.sql.DriverManager.getConnection(Unknown Source)
        at DatabaseConnectionSSL.connect(DatabaseConnectionSSL.java:43)
        at DatabaseConnectionSSL.<init>(DatabaseConnectionSSL.java:24)
        at SSLTest.<init>(SSLTest.java:22)
        at SSLTest.main(SSLTest.java:44)

How to repeat:
Happens every time I connect with useSSL=true in the connection url.
[26 Nov 2005 9:22] Vasily Kishkin
Could you please say what version of the SDK you use? Did you read the following URL about connecting using SSL: http://dev.mysql.com/doc/refman/5.0/en/cj-using-ssl.html ?
[27 Nov 2005 4:47] Andre Pinkowski
Java version: j2sdk1.4.2_10-b03

Yes, I followed the instructions from http://dev.mysql.com/doc/refman/5.0/en/cj-using-ssl.html to the letter.
[3 Dec 2005 9:51] Vasily Kishkin
I created a test case and generated a keystore and truststore from the example pem keys (folder SSL in the sources of mysql). The test case connected without any problem:

Connected to 5.0.15
START
show status like 'ssl%'
Ssl_accept_renegotiates  0
Ssl_accepts  0
Ssl_callback_cache_hits  0
Ssl_cipher  AES128-SHA
Ssl_cipher_list
Ssl_client_connects  0
Ssl_connect_renegotiates  0
Ssl_ctx_verify_depth  0
Ssl_ctx_verify_mode  0
Ssl_default_timeout  500
Ssl_finished_accepts  0
Ssl_finished_connects  0
Ssl_session_cache_hits  0
Ssl_session_cache_misses  0
Ssl_session_cache_mode  Unknown
Ssl_session_cache_overflows  0
Ssl_session_cache_size  0
Ssl_session_cache_timeouts  0
Ssl_sessions_reused  0
Ssl_used_session_cache_entries  0
Ssl_verify_depth  0
Ssl_verify_mode  0
Ssl_version  TLSv1
END

Could you please try to use the example pem files to check the bug? My test case is attached.
[3 Dec 2005 9:51] Vasily Kishkin
Test case

Attachment: Bug15172.java (text/java), 1013 bytes.
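
Added example (not part of the thread and not the attached Bug15172.java): a Python check over `show status like 'ssl%'` output that confirms a session really negotiated SSL, relying on the fact that MySQL leaves Ssl_cipher empty on an unencrypted connection. The first sample is copied from the output posted above; the plaintext sample, the function names and the allowed-version policy argument are constructed for illustration.

```python
import re

# Excerpt of the `show status like 'ssl%'` output quoted in the post above.
PAGE_SAMPLE = """\
Connected to 5.0.15
START
Ssl_cipher  AES128-SHA
Ssl_cipher_list
Ssl_verify_depth  0
Ssl_verify_mode  0
Ssl_version  TLSv1
END
"""

# Constructed sample: the same query on a session that fell back to plaintext.
PLAINTEXT_SAMPLE = """\
Ssl_cipher
Ssl_cipher_list
Ssl_verify_mode  0
Ssl_version
"""


def parse_status(text):
    """Turn 'Ssl_name  value' lines into a dict; a missing value becomes ''."""
    status = {}
    for line in text.splitlines():
        match = re.match(r"\s*(Ssl_\w+)\s*(.*)$", line)
        if match:  # banner lines such as START/END are skipped
            status[match.group(1)] = match.group(2).strip()
    return status


def check_session(status, allowed_versions):
    """Return a list of findings; an empty list means the session passed."""
    if not status.get("Ssl_cipher", ""):
        # No negotiated cipher: traffic on this connection is in the clear.
        return ["session is not encrypted (Ssl_cipher is empty)"]
    findings = []
    version = status.get("Ssl_version", "")
    if version not in allowed_versions:
        findings.append("protocol version %r is outside policy" % version)
    return findings


if __name__ == "__main__":
    print(check_session(parse_status(PAGE_SAMPLE), {"TLSv1"}))
    print(check_session(parse_status(PLAINTEXT_SAMPLE), {"TLSv1"}))
```

Running the same check from the client after every connect turns a silent plaintext fallback into a hard failure.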

[19 Dec 2005 16:48] Patrick McGloin
Andre,

What does show variables like 'have_openssl'; display?
Can you start mysqld.exe with --ssl ?

FYI.. I have been working on compiling MySQL 5 with SSL on Windows for
2 weeks without success. I did get it to work OK on Redhat though.

Patrick
pmcgloin@systemax.com
[4 Jan 2006 0:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".