Concerns using MSSQL JDBC driver 4.2 instead of 4.1?

[Alex Crome]

Attempting to connect to SQL Azure over an encrypted connection with version 5.4 fails with the SSL Error below.  This appears to be an issue with the MSSQL JDBC 4.1 driver as upgrading to the 4.2 driver (and also downgrading to 4.0) resolves the issue.

Are there any concerns with using the 4.2 JDBC drivers instead of the bundled 4.1 version?

JDBC Configuration:

sonar.jdbc.url=jdbc:sqlserver://SERVER.database.windows.net:1433;databaseName=DATABASE;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=5
sonar.jdbc.username=USERNAME
sonar.jdbc.password=PASSWORD

Exception:

Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". ClientConnectionId:c83321b5-8ab8-43e1-8ffa-e6316303111d)
 at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) ~[commons-dbcp-1.4.jar:1.4]
 at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) ~[commons-dbcp-1.4.jar:1.4]
 at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) ~[commons-dbcp-1.4.jar:1.4]
 at org.sonar.db.profiling.NullConnectionInterceptor.getConnection(NullConnectionInterceptor.java:31) ~[sonar-db-5.5.jar:na]
 at org.sonar.db.profiling.ProfiledDataSource.getConnection(ProfiledDataSource.java:323) ~[sonar-db-5.5.jar:na]
 at org.sonar.db.DefaultDatabase.checkConnection(DefaultDatabase.java:102) ~[sonar-db-5.5.jar:na]
 ... 30 common frames omitted
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.". ClientConnectionId:c83321b5-8ab8-43e1-8ffa-e6316303111d
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1668) ~[sqljdbc41.jar:na]
 at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668) ~[sqljdbc41.jar:na]
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1324) ~[sqljdbc41.jar:na]
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:992) ~[sqljdbc41.jar:na]
 at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:828) ~[sqljdbc41.jar:na]
 at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012) ~[sqljdbc41.jar:na]
 at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38) ~[commons-dbcp-1.4.jar:1.4]
 at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582) ~[commons-dbcp-1.4.jar:1.4]
 at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556) ~[commons-dbcp-1.4.jar:1.4]
 at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545) ~[commons-dbcp-1.4.jar:1.4]
 ... 35 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.
 at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_91]
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.8.0_91]
 at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618) ~[sqljdbc41.jar:na]
 ... 43 common frames omitted
Caused by: java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization.
 at com.microsoft.sqlserver.jdbc.TDSChannel$HostNameOverrideX509TrustManager.validateServerNameInCertificate(IOBuffer.java:1431) ~[sqljdbc41.jar:na]
 at com.microsoft.sqlserver.jdbc.TDSChannel$HostNameOverrideX509TrustManager.checkServerTrusted(IOBuffer.java:1324) ~[sqljdbc41.jar:na]
 at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ~[na:1.8.0_91]
 ... 52 common frames omitted

[Simon Brandhof]

Hi Alex, 

Do you have a link to the release notes of v4.2 ?

Requirements described at https://www.microsoft.com/en-us/download/details.aspx?id=11774 are not correct. 4.2 is compiled for Java 8 and does not support Java 7. This is the reason why we didn't upgrade.

As SonarQube 5.6 is being dropping support of Java 7, we can reconsider this upgrade. I'll keep you up-to-date.

Regards

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e97734f3-b938-412a-85f3-a02ed3fdf5a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Simon BRANDHOF | SonarSource
Tech Lead & Co-Founder
http://twitter.com/SimonBrandhof

[Alex Crome]

Thanks for your quick response

The release notes are included in the download - I can't find a direct URL, but I've attached them to this reply.

[Simon Brandhof]

For reference ticket is https://jira.sonarsource.com/browse/SONAR-7652 and is going to be fixed in version 5.6, to be released in the upcoming weeks.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/071ca19d-d521-4c08-9cf3-633293925b04%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.