-
Bug
-
Resolution: Fixed
-
Medium
-
9.0.0, 9.1.0, 9.0.1, 9.2.0, 9.1.1, 9.2.1
-
5
-
Severity 3 - Minor
-
9
-
Issue Summary
When upgrading Bitbucket 9.x, the application doesn't start when using Microsoft SQL Server without an SSL connection.
This error doesn't happen when using PostgreSQL or Oracle.
This is reproducible on Data Center: Yes
Steps to Reproduce
- Install a Bitbucket and connect with the MSSQL Server (any version) without encrypting the DB connection.
- Upgrade Bitbucket from any version to 9.x.
- You will see an error in the log:
2024-09-10 20:15:49,444 WARN [spring-startup] o.s.w.c.s.XmlWebApplicationContext Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'licenseValidator' defined in class path resource [critical-context.xml]: Invocation of init method failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Unable to retrieve license details from the database: ; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ClientConnectionId:979ab700-f6da-4fbb-a0dc-c826ddbc257a
- And the following error in the UI:
Expected Results
The application should start automatically using the JDBC URL used in the previous versions.
Actual Results
The below exception is thrown in the atlassian-bitbucket.log file:
2024-09-10 20:15:49,444 WARN [spring-startup] o.s.w.c.s.XmlWebApplicationContext Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'licenseValidator' defined in class path resource [critical-context.xml]: Invocation of init method failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Unable to retrieve license details from the database: ; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ClientConnectionId:979ab700-f6da-4fbb-a0dc-c826ddbc257a 2024-09-10 20:15:49,444 INFO [spring-startup] c.a.s.internal.home.HomeLockAcquirer Releasing lock on /var/atlassian/application-data/bitbucket 2024-09-10 20:15:49,446 ERROR [spring-startup] c.a.j.s.w.s.JohnsonDispatcherServlet SpringMVC dispatcher [springMvc] could not be started
The error occurs because the application is setting the property "encrypt=true" by default. If the database doesn't have an SSL connection, this will throw an error and prevent the application from starting.
Workaround
Since the "encrypt=true" is causing the error, we need to add the following property at the end of the JDBC URL in your Bitbucket properties:
encrypt=false;
JDBC URL example:
jdbc.url=jdbc:sqlserver://<DB_URL>:1433;databaseName=<DATABASE>;encrypt=false;