Issue Summary

When upgrading Bitbucket 9.x, the application doesn't start when using Microsoft SQL Server without an SSL connection.

This error doesn't happen when using PostgreSQL or Oracle.

This is reproducible on Data Center: Yes

Steps to Reproduce

1. Install a Bitbucket and connect with the MSSQL Server (any version) without encrypting the DB connection.
2. Upgrade Bitbucket from any version to 9.x.
3. You will see an error in the log:

   2024-09-10 20:15:49,444 WARN  [spring-startup]  o.s.w.c.s.XmlWebApplicationContext Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'licenseValidator' defined in class path resource [critical-context.xml]: Invocation of init method failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Unable to retrieve license details from the database: ; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ClientConnectionId:979ab700-f6da-4fbb-a0dc-c826ddbc257a
   

4. And the following error in the UI:
   

Expected Results

The application should start automatically using the JDBC URL used in the previous versions.

Actual Results

The below exception is thrown in the atlassian-bitbucket.log file:

2024-09-10 20:15:49,444 WARN  [spring-startup]  o.s.w.c.s.XmlWebApplicationContext Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'licenseValidator' defined in class path resource [critical-context.xml]: Invocation of init method failed; nested exception is org.springframework.dao.DataAccessResourceFailureException: Unable to retrieve license details from the database: ; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ClientConnectionId:979ab700-f6da-4fbb-a0dc-c826ddbc257a
2024-09-10 20:15:49,444 INFO  [spring-startup]  c.a.s.internal.home.HomeLockAcquirer Releasing lock on /var/atlassian/application-data/bitbucket
2024-09-10 20:15:49,446 ERROR [spring-startup]  c.a.j.s.w.s.JohnsonDispatcherServlet SpringMVC dispatcher [springMvc] could not be started

The error occurs because the application is setting the property "encrypt=true" by default. If the database doesn't have an SSL connection, this will throw an error and prevent the application from starting.

Workaround

Since the "encrypt=true" is causing the error, we need to add the following property at the end of the JDBC URL in your Bitbucket properties:

encrypt=false;

JDBC URL example:

jdbc.url=jdbc:sqlserver://<DB_URL>:1433;databaseName=<DATABASE>;encrypt=false;