Driver version
6.2.2.jre8, 6.4.0.jre8, master (7.1.2-SNAPSHOT)
SQL Server version
SQL Azure
Client Operating System
Windows 10, Windows 2012 R2 and Linux
JAVA/JVM version
Oracle Java 1.8 and openjdk version "10.0.2" 2018-07-17
Table schema
N/A
Problem description
- Expected behaviour:
Able to connect to SQL Azure using TLS with only the encrypt=true option
- Actual behaviour:
Connection is not established and an exception is raised
- Error message/stack trace:
Received an error: "Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization."
- Any other details that can be helpful:
SQL Azure uses a wildcard subject alternative name of *.database.windows.net in its certificate. While HostNameOverrideX509TrustManager supports subject alternative names (SANs), it does not support checking against wildcard hostnames. Therefore the certificate provided by SQL Azure is rejected by the driver.
I created a PoC where, in the default case, the default Java X509TrustManager is used instead of the driver's own implementation, taking care to set the endpoint identification protocol in the SSLParameters to "HTTPS". This has an implementation of wildcard checking and did not reject the certificate.
JDBC trace logs
Reproduction code
import java.sql.Connection;
import java.sql.DriverManager;

public class Main {
    public static void main(String[] argv) throws Exception {
        // encrypt=true without trustServerCertificate, so the driver validates the server certificate
        String jdbcUrl = "jdbc:sqlserver://xxxxx.database.windows.net:1433;databaseName=jdbctest;username=user1;password=pass1;encrypt=true";
        Connection conn = DriverManager.getConnection(jdbcUrl);
        conn.close();
    }
}
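
The wildcard check the report says is missing can be illustrated as follows. This is an added example, not the driver's code and not the reporter's PoC: the class name, the method names and the host names in `main` are constructed, and the rules (wildcard only as the whole left-most label, at least two labels after it) are a conservative assumption in the spirit of RFC 6125.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class WildcardSanCheck {

    // True when host matches one dNSName pattern from the certificate's SAN list.
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (p.indexOf('*') == -1) {
            return h.equals(p);                       // plain name: exact match only
        }
        // Accept "*" only as the complete left-most label ("*.example.com").
        if (!p.startsWith("*.") || p.indexOf('*', 1) != -1) {
            return false;
        }
        String suffix = p.substring(1);               // e.g. ".database.windows.net"
        // Refuse overly broad patterns such as "*.net" (assumed policy).
        if (suffix.indexOf('.', 1) == -1) {
            return false;
        }
        if (!h.endsWith(suffix)) {
            return false;
        }
        // The wildcard stands for exactly one non-empty label, never several.
        String left = h.substring(0, h.length() - suffix.length());
        return !left.isEmpty() && left.indexOf('.') == -1;
    }

    static boolean anyMatch(String host, List<String> sanDnsNames) {
        for (String san : sanDnsNames) {
            if (matches(host, san)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> sans = Arrays.asList("*.database.windows.net");
        // Constructed host names, not taken from the report.
        String[] hosts = {"myserver.database.windows.net", "a.b.database.windows.net",
                "database.windows.net", "myserver.database.windows.net.example.com"};
        for (String host : hosts) {
            System.out.println(host + " -> " + anyMatch(host, sans));
        }
    }
}
```

Only the first host is accepted; the multi-label, bare-domain and suffix-extended names are rejected, which is the behaviour a hostname verifier needs so that wildcard support does not widen what a certificate is valid for.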