0 Comments

By default any calls done by Qt over HTTPS will fail. This is because the OpenSSL it relies on is not included into the distribution that was installed. All you have to do, to make it work, is to download OpenSSL 1.0.xxx library for Windows from here and install to any folder (for example: “C:\OpenSSL”). The tiny 3MB package is enough. Then copy the libeay32.dll and libssl32.dll into developed applications folder (the output one) and it will be automatically picked up during startup.

There is no need to mess anything with Qt at all (and for sure no need to rebuild Qt framework!).

It was also described on StackOverflow, too.

0 Comments

Recently I had some problems connecting with DataGrip to my Microsoft SQL Server 2012 instance provided as part of purchased web hosting plan.

By some reason my connection was always rejected with following error message:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

Microsoft’s documentation (available here) turned out to be very helpful. According to it, the initialization is always encrypted with JBDC and I actually should focus on encrypt and trustServerCertificate parameters, setting both to ‘true’. In this configuration client-side (my tool), was expecting SSL traffic and had disabled any checks done over the certificate itself.


Partial success, for now the error message got changed to:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates do not conform to algorithm constraints".

This lead to a conclusion that the certificate is invalid in more ways. Little help from stackoverflow.com revealed it might be so old that the latest Java 8 OpenJDK had put it on blacklist due to weaknesses and vulnerabilities of used MD5 signatures. Brutal and effective patch is then restored it back and whitelist ;-)

Edit file: %ProgramFiles%\JetBrains\DataGrip 2017.1.5\jre64\lib\security\java.security

and remove MD5 and MD5withRSA

from those two variables: jdk.certpath.disabledAlgorithms and jdk.tls.disabledAlgorithms.


Now, connection succeeded and we are ready to play with the database.


You are right. At this point I should stop and let them know about the issue and ask about certificate upgrade. Thanks.