From ef2e110ec14881e76edd7203f78a366ab0261a98 Mon Sep 17 00:00:00 2001
From: Kolbe Kegel
Date: Mon, 10 Feb 2020 21:36:25 -0800
Subject: [PATCH 1/2] Added simple handling for empty keyStore, for ksms that do not require defined keystore
---
 .../java/com/mysql/cj/protocol/ExportControlled.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java b/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java
index 36450941..d2a405c7 100644
--- a/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java
+++ b/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java
@@ -523,6 +523,18 @@ public static SSLContext getSSLContext(String clientCertificateKeyStoreUrl, Stri
 }
 }
 }
+ else {
+ try{
+ if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
+ KeyStore clientKeyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
+ clientKeyStore.load(null);
+ kmf.init(null);
+ kms = kmf.getKeyManagers();
+ }
+ } catch (Exception e) {
+ System.out.println(e);
+ }
+ }
 InputStream trustStoreIS = null;
 try {
From 0d51731727b8d4bd43996444f2815320284cd08f Mon Sep 17 00:00:00 2001
From: Kolbe Kegel
Date: Wed, 12 Feb 2020 16:24:30 -0800
Subject: [PATCH 2/2] Added exception for missing keyStore file but defined clientCertificateKeyStoreType
---
 .../com/mysql/cj/protocol/ExportControlled.java | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java b/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java
index d2a405c7..776bd16f 100644
--- a/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java
+++ b/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java
@@ -522,17 +522,16 @@ public static SSLContext getSSLContext(String clientCertificateKeyStoreUrl, Stri
 }
 }
 }
- }
- else {
+ } else {
+ // Some KeyManagers do not require a keystore to be in a file, so see if there's a functional KeyManager even though
+ // clientCertificateKeyStoreUrl was empty.
 try{
 if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
- KeyStore clientKeyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
- clientKeyStore.load(null);
- kmf.init(null);
 kms = kmf.getKeyManagers();
 }
- } catch (Exception e) {
- System.out.println(e);
+ } catch (IllegalStateException ise) {
+ throw ExceptionFactory.createException(SSLParamsException.class, "No keystore file/URL given, and client certificate key store of type " + clientCertificateKeyStoreType + " is not initialized.",
+ ise, exceptionInterceptor);
 }
 }
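Review bot: `kmf.getKeyManagers()` in the new `else` branch runs on a factory that this branch never initialises, and `clientCertificateKeyStoreType` now only gates the call and fills the message; nothing selects a key store by that type any more. `KeyManagerFactory.getKeyManagers()` is documented to throw `IllegalStateException` when uninitialised, so whether a client identity is offered for mutual TLS depends on how `kmf` was set up outside the hunk, and if the type property has a non-empty default (not visible here) every connection without a keystore URL would end in `SSLParamsException`. I would spell that out in the comment, e.g. `// kmf is not init()'d on this path; only a factory usable without init() returns managers, anything else surfaces as SSLParamsException`, and document that an empty type leaves `kms` unchanged. `try{` should read `try {` to match the surrounding code. The body of `getSSLContext` starts and ends outside the hunk.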