Connecting to CockroachDB using SSL not working anymore after upgrading to JDBC driver version >= 42.3.2

[georgian-micsa-form3]

Describe the issue

After migrating to JDBC driver version >= 42.3.2, connection to our CockroachDB using SSL fails with following error: The server requested password-based authentication, but no password was provided by plugin null.

DB Version
Server version: CockroachDB CCL v21.1.7

JDBC Driver Version?
>= 42.3.2

Java Version?
1.8.0_312

To Reproduce

import java.sql.Connection;
import java.sql.DriverManager;

public class ConnectionTest {

    public static final String URL = "jdbc:postgresql://localhost:26257/some_db?" +
            "user=some_user" +
            "&ssl=true" +
            "&sslmode=verify-full" +
            "&sslcert=some_cert.crt" +
            "&sslkey=some_key.pk8" +
            "&sslrootcert=some_root_cert.crt";


    public static void main(String[] args) {
        try (Connection connection = DriverManager.getConnection(URL)) {
            System.out.println("Got connection: " + connection);
        } catch (Exception e) {
            System.out.println("Connection failure.");
            e.printStackTrace();
        }
    }
}

Expected behaviour
Using JDBC driver 42.3.1 and lower, we are able to get the connection.

Logs
Using 42.3.2, we get following error:

org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided by plugin null
	at org.postgresql.core.v3.AuthenticationPluginManager.lambda$withEncodedPassword$0(AuthenticationPluginManager.java:110)
	at org.postgresql.core.v3.AuthenticationPluginManager.withPassword(AuthenticationPluginManager.java:81)
	at org.postgresql.core.v3.AuthenticationPluginManager.withEncodedPassword(AuthenticationPluginManager.java:107)
	at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:691)
	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:180)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223)
	at org.postgresql.Driver.makeConnection(Driver.java:468)
	at org.postgresql.Driver.connect(Driver.java:267)
	at java.sql.DriverManager.getConnection(DriverManager.java:664)
	at java.sql.DriverManager.getConnection(DriverManager.java:270)

gz#12090

Jira issue: CRDB-15696

[blathers-crl]

Hello, I am Blathers. I am here to help you get the issue triaged.

It looks like you have not filled out the issue in the format of any of our templates. To best assist you, we advise you to use one of these templates.

I have CC'd a few people who may be able to assist you:

• @cockroachdb/bulk-io (found keywords: import)

If we have not gotten back to your issue within a few business days, you can try the following:

• Join our community slack channel and ask on #cockroachdb.
• Try find someone from here if you know they worked closely on the area and CC them.

_{🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan.}

[blathers-crl]

cc @cockroachdb/bulk-io

[rafiss]

Thanks for this report. Do you know if other versions of Java are affected too?

Looking at the PGJDBC changelog, nothing stands out in particular as a likely cause: https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.2

[rafiss]

I tried locally using PGJDBC 42.3.2 and Java 1.8.0_292, and I was able to connect successfully.

[georgian-micsa-form3]

Closing this issue: we debugged a bit more the problem and it's not an issue with neither CockroachDB nor PG JDBC driver.

It seems that our certificates were not generated correctly: on server side we were using ECDSA and on client side RSA and pgjdbc added some cert key type checking: pgjdbc/pgjdbc#2417 that was causing that error due to certificate type mismatch.