SSL Error connecting to remote DB

Wappler Version : 6.2.1
Operating System : Windows 11
Server Model: Node.JS
Database Type: PostgreSQL
Hosting Type: Docker

Expected behavior

Should be able to add DB connection for remote Linode DB server using standard host/username/password/ssl credentials etc.

Actual behavior

Try to connect using existing and previously working DB connection and its unable to connect and gets this error:

write EPROTO 2264064:error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT:..\..\third_party\boringssl\src\ssl\ssl_cert.cc:605:

Please note, that while getting this error i’m still able to connect to the DB server using a DB admin tool like Navicat or DB Visualizer. The error ONLY occurs in Wappler

I have dont full re-installs of wappler, tried this on brand new projects, restarted docker. opened up all IPs on the DB server etc

How to reproduce

Create a new Wappler project
Use the default App template
Add a new DB connection to a Linode Managed DB
Try to connect

Test it it 5.8.x and it works. Upgrade to 6.2.1 and it WONT work.

I can provide logs and even DB credentials if required.

This might help:

https://help.mulesoft.com/s/article/SSL-routines-OPENSSL-internal-KEY-USAGE-BIT-INCORRECT

Thanks @George I will look at this tomorrow morning (i’ve already started drinking tonight…so not a great headspace to troubleshoot)

What gets me though, why would it work fine if i roll back to Wappler 5.8 and then stop working when i upgrade to 6.2? I’ve deleted and reinstalled Wappler multiple times today.

Works in 5.8 doesn’t work in 6.2.1.

I’ve also had another Wappler user test on their Mac and it doesn’t work in 6.2 either

In the next update we will be updating or SSH libraries to the latest, so this might get solved as well.

Fixed in Wappler 6.2.2

Actually, this is still isn’t working for me.

Updated, restarted, tried a new DB connection as well and still unable to connect.

Are you getting the same error?

What type of ssh key you have?

Yes, same error (that i can see)

write EPROTO 2264064:error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT:..\..\third_party\boringssl\src\ssl\ssl_cert.cc:605:
I’m not using SSH to connect to the DB, just SSL, but i do have SSH keys stored with Wappler. They certainly could be an issue and i have had to generate new SSH keys recently as i was trying to move from Sockets and Docker Machines over to Resource Manager.

There were some connections that couldn’t be imported, likely to SSH issues (although it’s always been the same PC) so i had to generate new keys and create new Linode servers fresh using Resource Manager.

Is there somewhere else i can check?

Just some more info…

I did have some project keys generated by Wappler… Because of all the updates and roll-backs it s bit messy, but i added Linode back in through Resource Manager and imported the keys.

So now the keys stored here:
image

Are definitely in the Linode SSH keys manager along with the original personal SSH keys i created years ago that are still on my personal PC in Users/.SSH folder.

This did not fix anything, but hopefully gives you some more info

Oh sorry I was confused that you are using ssh to connect to your database.

How is the ssl db connection setup?

It is just using the SSL - ON and ‘Default’ setting the DB connection.

In the DB file under Targets it looks like:

"ssl": { "rejectUnauthorized": false }

I mean where and how is your db server hosted and installed? Is it a managed database or did you installed it your self and how?

Also where exactly are you getting this error? Can you include a screenshot?

The DB server is a Managed Database server through Linode.

I can connect to it fine through any SQL tool like Navicat etc.

I can connect in Wappler 5.8 but not in 6.2

I get the error either in Google console or more easily just in Wappler in the DB manager when i manage or add a connection to the server like this:

I realise this isn’t exactly a Wappler issue as its probably not able to be replicated by others (although i had another Wappler user try to connect to this same DB server on his Mac and he got the same error)

But somewhere along the way this last week+ something happened to break the access.

I logged a job with Linode but they said the server looks fine on their end.

It has a live production DB on it so i don’t particularly want to migrate to new DB, but that is my only option now.

Also, if a create a new Managed Database server on Linode then Wappler can connect as per normal…it is only this existing server that is the issue

And if you click on the “database connection” button? What are the selected options? You can remove any security options from the screenshot.

Specifically the selected SSL options. Have you specified there an CA file? Usually you can download it from the provider.

See:


from:
https://www.linode.com/docs/products/databases/managed-databases/guides/postgresql-connect/

And choose “Custom” from the SSL options in the database connection in Wappler

When you download the CA Cert file make sure you save it under the “certs” folder in your project and select it from there.

Its always been SSL = Enabled and on Deafulty setting.

But yes, i had also been to the Linode site, and checked the CA Cert. It was already installed in my Wappler project but i have re-downloaded and saved again to the certs folder. Same error:

I’m happy to share the full login details for you to test the connection yourself, I’ll change the passwords later and restrict IP addresses anyway so security is not an issue.

I would much rather fix this issue than to have to delete the DB and create a new one

Yes send over the info by PM so I can check

Hi Philip,

After large investigation, I’ve discovered that your LInode managed database is using an old self signed SSL certificate. Those are no longer officially accepted and give errors.

So either issue a new certificate for SSL or switch SSL of but then you will need to add your ip for allowed access.

1 Like