davisusanibar commented on issue #35741:
URL: https://github.com/apache/arrow/issues/35741#issuecomment-1652181700
> > This is more or less an SSL parameter configuration that needs to be set according to the implementation of one-way or two-way SSL that is independent of the Arrow JDBC.
>
> I don't believe this is the case. The important point being that the identical command runs correctly on linux using exactly the same DSN.

Hi @mhilton. In order to support SSL 1 Way / 2 Way properly, the client and
server must implement parameters.
SSL errors are independent of the operating system (Win/Unix/Others) and
related to missing client or server configuration.
Using the MySQL SSL client/server configured properly, the JDBC driver can
read and load Truststore and Keystore:
```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import org.apache.arrow.adapter.jdbc.ArrowVectorIterator;
import org.apache.arrow.adapter.jdbc.JdbcToArrow;
import org.apache.arrow.memory.BufferAllocator;
import org.apache.arrow.memory.RootAllocator;
import org.apache.arrow.vector.VectorSchemaRoot;

public class JdbcAdapterToMysqlWithSSL {
  public static void main(String[] args) {
    // Print the full TLS handshake trace so SSL errors can be diagnosed.
    System.setProperty("javax.net.debug", "all");
    // sslMode=VERIFY_CA: validate the server certificate against the truststore.
    // The clientCertificateKeyStore* parameters supply the client certificate
    // and key for two-way SSL.
    try (BufferAllocator allocator = new RootAllocator();
         Connection connection = DriverManager.getConnection(
             "jdbc:mysql://root:password@localhost:3306/mysql?"
                 + "sslMode=VERIFY_CA&"
                 + "trustCertificateKeyStoreUrl=file:///Users/dsusanibar/Downloads/sslmysql/truststore.jks&"
                 + "trustCertificateKeyStorePassword=mypassword&"
                 + "clientCertificateKeyStoreUrl=file:///Users/dsusanibar/Downloads/sslmysql/keystore.jks&"
                 + "clientCertificateKeyStorePassword=mypassword")) {
      // Statement is opened in try-with-resources so it is closed with the ResultSet.
      try (Statement statement = connection.createStatement();
           ResultSet resultSet = statement.executeQuery("SELECT * FROM mysql.user");
           ArrowVectorIterator iterator =
               JdbcToArrow.sqlToArrowVectorIterator(resultSet, allocator)) {
        while (iterator.hasNext()) {
          // Each batch owns off-heap buffers; close it once printed.
          try (VectorSchemaRoot root = iterator.next()) {
            System.out.print(root.contentToTSVString());
          }
        }
      }
    } catch (SQLException | IOException e) {
      e.printStackTrace();
    }
  }

  /*
  Truststore:
  ----------
  $ sudo keytool -importcert -alias useMySQLServer \
      -file /usr/local/mysql/data/ca.pem \
      -keystore truststore.jks -storepass mypassword

  Keystore:
  --------
  $ sudo openssl pkcs12 -export -in /usr/local/mysql/data/client-cert.pem \
      -inkey /usr/local/mysql/data/client-key.pem \
      -name "mysqlclient" -passout pass:mypassword -out client-keystore.p12
  $ sudo keytool -importkeystore -srckeystore client-keystore.p12 \
      -srcstoretype pkcs12 \
      -srcstorepass mypassword -destkeystore keystore.jks -deststoretype JKS \
      -deststorepass mypassword
  */
}
```
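
An added example, not part of the original comment or the Arrow project's code: a pre-connection check that the truststore holds at least one CA certificate and the keystore holds a private key, since a store missing either one leaves the one-way or two-way SSL configuration incomplete. The class name, the argument order and the `STORE_PASSWORD` environment variable are assumptions made for this sketch.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class CheckTlsStores {

  /** Returns {trusted certificate entries, key entries} found in the store. */
  static int[] inspect(String label, String path, char[] password) throws Exception {
    // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 itself.
    KeyStore store = KeyStore.getInstance(new File(path), password);
    int certs = 0;
    int keys = 0;
    for (String alias : Collections.list(store.aliases())) {
      boolean isKey = store.isKeyEntry(alias);
      if (isKey) keys++; else certs++;
      String status = "n/a";
      Certificate cert = store.getCertificate(alias);
      if (cert instanceof X509Certificate) {
        X509Certificate x509 = (X509Certificate) cert;
        try {
          x509.checkValidity(); // throws if expired or not yet valid
          status = "valid until " + x509.getNotAfter();
        } catch (CertificateException e) {
          status = "NOT VALID: " + e.getMessage();
        }
      }
      System.out.printf("%s: alias=%s type=%s cert=%s%n",
          label, alias, isKey ? "key" : "trustedCert", status);
    }
    return new int[] {certs, keys};
  }

  public static void main(String[] args) throws Exception {
    // Assumed usage: STORE_PASSWORD=... java CheckTlsStores truststore.jks keystore.jks
    char[] password = System.getenv("STORE_PASSWORD").toCharArray();
    int[] trust = inspect("truststore", args[0], password);
    int[] client = inspect("keystore", args[1], password);
    if (trust[0] == 0) {
      System.out.println("truststore has no CA certificate: the server certificate cannot be verified");
    }
    if (client[1] == 0) {
      System.out.println("keystore has no private key: no client certificate can be presented");
    }
  }
}
```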