Bug#705645: Sqlline fails with MS SQL Server JDBC data sources

Mark Kidwell Mark.Kidwell at westernunion.com
Wed Apr 17 23:44:08 UTC 2013 

Package: sqlline
Version: 1.0.2-4

Hello,

Running the sqlline binary against a MS SQL Server JDBC data source results in the following error:

$ sqlline
sqlline version 1.0.2 by Marc Prud'hommeaux
sqlline>  !connect jdbc:sqlserver://X.X.X.X:1433;databaseName=MyDatabase
Connecting to jdbc:sqlserver://X.X.X.X:1433;databaseName=MyDatabase
Enter username for jdbc:sqlserver://X.X.X.X:1433;databaseName=MyDatabase: foo
Enter password for jdbc:sqlserver://X.X.X.X:1433;databaseName=MyDatabase: ***
Apr 17, 2013 7:34:46 PM com.microsoft.sqlserver.jdbc.TDSChannel enableSSL
INFO: java.security path: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/security
Security providers: [SUN version 1.6, SunRsaSign version 1.7, SunJSSE version 1.6, SunJGSS version 1.0, SunSASL version 1.5, XMLDSig version 1.0, SunPCSC version 1.6]
SSLContext provider info: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
SSLContext provider services:
[SunJSSE: KeyFactory.RSA -> sun.security.rsa.RSAKeyFactory
  aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1]
, SunJSSE: KeyPairGenerator.RSA -> sun.security.rsa.RSAKeyPairGenerator
  aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1]
, SunJSSE: Signature.MD2withRSA -> sun.security.rsa.RSASignature$MD2withRSA
  aliases: [1.2.840.113549.1.1.2, OID.1.2.840.113549.1.1.2]
, SunJSSE: Signature.MD5withRSA -> sun.security.rsa.RSASignature$MD5withRSA
  aliases: [1.2.840.113549.1.1.4, OID.1.2.840.113549.1.1.4]
, SunJSSE: Signature.SHA1withRSA -> sun.security.rsa.RSASignature$SHA1withRSA
  aliases: [1.2.840.113549.1.1.5, OID.1.2.840.113549.1.1.5, 1.3.14.3.2.29, OID.1.3.14.3.2.29]
, SunJSSE: Signature.MD5andSHA1withRSA -> sun.security.ssl.RSASignature
, SunJSSE: KeyManagerFactory.SunX509 -> sun.security.ssl.KeyManagerFactoryImpl$SunX509
, SunJSSE: KeyManagerFactory.NewSunX509 -> sun.security.ssl.KeyManagerFactoryImpl$X509
, SunJSSE: TrustManagerFactory.SunX509 -> sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory
, SunJSSE: TrustManagerFactory.PKIX -> sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory
  aliases: [SunPKIX, X509, X.509]
, SunJSSE: SSLContext.SSL -> sun.security.ssl.SSLContextImpl
, SunJSSE: SSLContext.SSLv3 -> sun.security.ssl.SSLContextImpl
, SunJSSE: SSLContext.TLS -> sun.security.ssl.SSLContextImpl
, SunJSSE: SSLContext.TLSv1 -> sun.security.ssl.SSLContextImpl
, SunJSSE: SSLContext.Default -> sun.security.ssl.DefaultSSLContextImpl
, SunJSSE: KeyStore.PKCS12 -> sun.security.pkcs12.PKCS12KeyStore
]
java.ext.dirs: /usr/share/java/:/usr/local/share/java/
Error: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "RSA premaster secret error". ClientConnectionId:656fc562-608b-4bb4-9bf1-29720f312884 (state=08S01,code=0)

According to other bug reports with similar errors, it's because java.ext.dirs overrides the automatic use of the jre/lib/ext directory (reference http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6382135). And indeed, manually updating the sqlline binary to add the correct ext dir does fix this for the above test. Here's my local patch, though there's probably a much better way to do this when java-wrappers is involved.

Thanks,
Mark

--- /usr/bin/sqlline    2009-07-13 15:08:44.000000000 -0400
+++ sqlline     2013-04-17 19:40:06.000000000 -0400
@@ -1,6 +1,7 @@
 #!/bin/sh

-JAVA_ARGS="-Djava.ext.dirs=/usr/share/java/:/usr/local/share/java/"
+EXT_DIRS=/usr/share/java/:/usr/local/share/java/
+

 # Include the wrappers utility script
 . /usr/lib/java-wrappers/java-wrappers.sh
@@ -11,6 +12,18 @@
 # Define our classpath
 find_jars jline sqlline

+# find jre/lib/ext
+EXT=$JAVA_HOME/lib/ext
+if [ ! -d $EXT ] ; then
+  EXT=$JAVA_HOME/jre/lib/ext
+  if [ ! -d $EXT ] ; then
+    echo "Can't find extension dir (jre/lib/ext)!" >&2
+    exit 1
+  fi
+fi
+
+JAVA_ARGS="-Djava.ext.dirs=$EXT:/usr/share/java/:/usr/local/share/java/"
+
 # Run SQLLine
 run_java sqlline.SqlLine $extra_args "$@"
The information transmitted, including any content in this communication is confidential, is intended only for the use of the intended recipient and is the property of The Western Union Company or its affiliates and subsidiaries. If you are not the intended recipient, you are hereby notified that any use of the information contained in or transmitted with the communication or dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the Western Union sender immediately by replying to this message and delete the original message

More information about the pkg-java-maintainers mailing list