Mysql 为Google Cloud SQL实例启用“仅允许SSL连接”，并从SSL配置的Spring应用程序连接到该实例

我有一个Spring应用程序，它在我的本地机器上运行，该机器使用Google Cloud MySQL实例。此外，我使用C3P00.9.1.2作为连接池。您可以在下面找到DAOcontext.xml文件和CATALINA_选项的一部分：

仅供参考，这些密钥存储是根据我的SQL实例的证书创建的，并且我的本地IP是这个MySQL实例的白名单。

当我从仪表板禁用仅允许SSL连接选项时，我的应用程序运行时不会出现任何DB连接问题。另外，当我通过WireShark检查应用程序和SQL实例之间的连接时，我看到数据包是SSL加密的

启用此选项时，tomcat应用程序会出现以下错误：

May 07, 2018 5:02:49 PM com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource getPoolManager
INFO: Initializing c3p0 pool... com.mchange.v2.c3p0.ComboPooledDataSource [ acquireIncrement -> 1, acquireRetryAttempts -> 30, acquireRetryDelay -> 1000, autoCommitOnClose -> false, automaticTestTable -> null, breakAfterAcquireFailure -> false, checkoutTimeout -> 0, connectionCustomizerClassName -> null, connectionTesterClassName -> com.mchange.v2.c3p0.impl.DefaultConnectionTester, dataSourceName -> z8kfsx9u1h2ypospw6bfm|37fcf007, debugUnreturnedConnectionStackTraces -> false, description -> null, driverClass -> com.mysql.jdbc.Driver, factoryClassLocation -> null, forceIgnoreUnresolvedTransactions -> false, identityToken -> z8kfsx9u1h2ypospw6bfm|37fcf007, idleConnectionTestPeriod -> 0, initialPoolSize -> 1, jdbcUrl -> jdbc:mysql://sql_instance_ip:3306/table_name?verifyServerCertificate=true&useSSL=true&requireSSL=true&trustCertificateKeyStoreUrl=file:/path/to/trustStore.jks&trustCertificateKeyStorePassword=****&characterEncoding=UTF-8&useUnicode=true&autoReconnect=true&useServerPrepStmts=false&rewriteBatchedStatements=true&failOverReadOnly=false&zeroDateTimeBehavior=convertToNull"/, maxAdministrativeTaskTime -> 0, maxConnectionAge -> 0, maxIdleTime -> 120, maxIdleTimeExcessConnections -> 0, maxPoolSize -> 5, maxStatements -> 0, maxStatementsPerConnection -> 0, minPoolSize -> 1, numHelperThreads -> 3, numThreadsAwaitingCheckoutDefaultUser -> 0, preferredTestQuery -> null, properties -> {user=******, password=******}, propertyCycle -> 0, testConnectionOnCheckin -> false, testConnectionOnCheckout -> false, unreturnedConnectionTimeout -> 0, usesTraditionalReflectiveProxies -> false ]
May 07, 2018 5:03:09 PM com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector run
WARNING: com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@274517d0 -- APPARENT DEADLOCK!!! Creating emergency threads for unassigned pending tasks!
May 07, 2018 5:03:09 PM com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector run
WARNING: com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@274517d0 -- APPARENT DEADLOCK!!! Complete Status:
    Managed Threads: 3
    Active Threads: 3
    Active Tasks:
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@68bff773 (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#1)
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@67cb9623 (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2)
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@599d5f2f (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#0)
    Pending Tasks:
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@1f0360c0
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@890083c
Pool thread stack traces:
    Thread[com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#1,5,main]
        java.lang.Thread.sleep(Native Method)
        com.mysql.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:2376)
        com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2306)
        com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:834)
        com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
        sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
....

这些错误日志并不特定于此问题，但它们与我的应用程序无法连接数据库时得到的日志类似。你对这个问题有什么想法或建议吗？是否有人使用类似的设置并遇到此问题

---

非常感谢您的任何帮助和建议

这似乎是一个配置问题。我建议您再次执行中描述的所有步骤，并检查您的服务器证书是否仍然有效

---

作为一种解决方法，我建议您可以使用。

您可能有混合内容问题，看起来您没有安全地调用其中一些资源，https连接可能会阻止它们加载。您看到的明显死锁是由于您尝试建立的连接既没有成功也没有失败，但只是无限期地等待。为了调试此类问题，编写一个小测试程序，尝试建立并关闭与数据库的连接通常是有帮助的。一旦这样的测试程序从应用程序的服务器上成功运行，您将更好地了解如何配置您的应用程序。@MasonStedman您能详细说明一下不安全地调用其中一些资源吗？@SteveWaldman Imo它将无限期挂起，因为DB实例由于只允许SSL连接选项而阻止建立此连接。编写小型测试应用程序以澄清问题是正确的问题。当从仪表板启用仅允许SSL连接选项时，我已经通过mysql客户端测试了现有证书。它们似乎仍然有效：mysql-SSL ca=server-ca.pem-SSL cert=client-cert.pem-SSL key=client-key.pem-host=***-user=***-password。。。mysql>\s------------。。。SSL：使用的密码是ECDHE-RSA-AES128-SHA。。。我将调查云SQL代理选项，谢谢。如果您解决了此问题，是否有任何更新？

May 07, 2018 5:02:49 PM com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource getPoolManager
INFO: Initializing c3p0 pool... com.mchange.v2.c3p0.ComboPooledDataSource [ acquireIncrement -> 1, acquireRetryAttempts -> 30, acquireRetryDelay -> 1000, autoCommitOnClose -> false, automaticTestTable -> null, breakAfterAcquireFailure -> false, checkoutTimeout -> 0, connectionCustomizerClassName -> null, connectionTesterClassName -> com.mchange.v2.c3p0.impl.DefaultConnectionTester, dataSourceName -> z8kfsx9u1h2ypospw6bfm|37fcf007, debugUnreturnedConnectionStackTraces -> false, description -> null, driverClass -> com.mysql.jdbc.Driver, factoryClassLocation -> null, forceIgnoreUnresolvedTransactions -> false, identityToken -> z8kfsx9u1h2ypospw6bfm|37fcf007, idleConnectionTestPeriod -> 0, initialPoolSize -> 1, jdbcUrl -> jdbc:mysql://sql_instance_ip:3306/table_name?verifyServerCertificate=true&useSSL=true&requireSSL=true&trustCertificateKeyStoreUrl=file:/path/to/trustStore.jks&trustCertificateKeyStorePassword=****&characterEncoding=UTF-8&useUnicode=true&autoReconnect=true&useServerPrepStmts=false&rewriteBatchedStatements=true&failOverReadOnly=false&zeroDateTimeBehavior=convertToNull"/, maxAdministrativeTaskTime -> 0, maxConnectionAge -> 0, maxIdleTime -> 120, maxIdleTimeExcessConnections -> 0, maxPoolSize -> 5, maxStatements -> 0, maxStatementsPerConnection -> 0, minPoolSize -> 1, numHelperThreads -> 3, numThreadsAwaitingCheckoutDefaultUser -> 0, preferredTestQuery -> null, properties -> {user=******, password=******}, propertyCycle -> 0, testConnectionOnCheckin -> false, testConnectionOnCheckout -> false, unreturnedConnectionTimeout -> 0, usesTraditionalReflectiveProxies -> false ]
May 07, 2018 5:03:09 PM com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector run
WARNING: com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@274517d0 -- APPARENT DEADLOCK!!! Creating emergency threads for unassigned pending tasks!
May 07, 2018 5:03:09 PM com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector run
WARNING: com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@274517d0 -- APPARENT DEADLOCK!!! Complete Status:
    Managed Threads: 3
    Active Threads: 3
    Active Tasks:
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@68bff773 (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#1)
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@67cb9623 (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2)
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@599d5f2f (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#0)
    Pending Tasks:
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@1f0360c0
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@890083c
Pool thread stack traces:
    Thread[com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#1,5,main]
        java.lang.Thread.sleep(Native Method)
        com.mysql.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:2376)
        com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2306)
        com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:834)
        com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
        sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
....