Go 1.25.2 bug - Can't connect to external DB
On the newest artifactory-cpp-ce-107.125.4, jfrog is not able to connect to my external database, with the following error in the logs:
2025-11-04T12:35:06.257Z [jfmd ] [ERROR] [ ] [database_bearer.go:137 ] [main ] - Could not initialize database (db config: {postgresql jdbc:postgresql://REDACTED}): failed to connect to (REDACTED): failed to write startup message: write failed: tls: failed to parse certificate from server: x509: SAN dNSName is malformed
error connecting to database. giving up
jfrog.com/metadata/v7/services/common/db.(*databaseBearer).init
jfrog.com/metadata/[email protected]/services/common/db/database_bearer.go:218
jfrog.com/metadata/v7/services/common/db.NewDatabaseBearer
jfrog.com/metadata/[email protected]/services/common/db/database_bearer.go:135
main.main
jfrog.com/metadata/[email protected]/metadata.go:43
runtime.main
/var/jenkins_home/tools/org.jenkinsci.plugins.golang.GolangInstallation/go-1.25.2/src/runtime/proc.go:285
runtime.goexit
/var/jenkins_home/tools/org.jenkinsci.plugins.golang.GolangInstallation/go-1.25.2/src/runtime/asm_amd64.s:1693
goroutine 1 [running]:
runtime/debug.Stack()
/var/jenkins_home/tools/org.jenkinsci.plugins.golang.GolangInstallation/go-1.25.2/src/runtime/debug/stack.go:26 +0x5e
jfrog.com/jfrog-go-commons/v7/pkg/log.(*standardLogger).Panicfc(0xc0008b8190, {0x3394d68, 0xc0007b8030}, {0x2cd60c1, 0x32}, {0xc00090ba20, 0x2, 0x2})
goroot/pkg/mod/jfrog.com/jfrog-go-commons/[email protected]/pkg/log/standard_logger.go:101 +0xbf
jfrog.com/metadata/v7/services/common/db.NewDatabaseBearer({0x3394d68, 0xc0007b8030}, {0x339d9a0, 0xc0005bcaf0}, {0x339d8c8, 0xc000940960}, {0x3389028, 0x4d1db00}, {0x33714e0, 0xc000b0ad50}, ...)
jfrog.com/metadata/[email protected]/services/common/db/database_bearer.go:137 +0x2bd
main.main()
jfrog.com/metadata/[email protected]/metadata.go:43 +0x485
[database]
panic: Could not initialize database (db config: postgresql jdbc:postgresql://REDACTED: failed to write startup message: write failed: tls: failed to parse certificate from server: x509: SAN dNSName is malformed
error connecting to database. giving up
jfrog.com/metadata/v7/services/common/db.(*databaseBearer).init
jfrog.com/metadata/[email protected]/services/common/db/database_bearer.go:218
jfrog.com/metadata/v7/services/common/db.NewDatabaseBearer
jfrog.com/metadata/[email protected]/services/common/db/database_bearer.go:135
main.main
jfrog.com/metadata/[email protected]/metadata.go:43
runtime.main
/var/jenkins_home/tools/org.jenkinsci.plugins.golang.GolangInstallation/go-1.25.2/src/runtime/proc.go:285
runtime.goexit
/var/jenkins_home/tools/org.jenkinsci.plugins.golang.GolangInstallation/go-1.25.2/src/runtime/asm_amd64.s:1693
goroutine 1 [running]:
runtime/debug.Stack()
/var/jenkins_home/tools/org.jenkinsci.plugins.golang.GolangInstallation/go-1.25.2/src/runtime/debug/stack.go:26 +0x5e
jfrog.com/jfrog-go-commons/v7/pkg/log.(*standardLogger).Panicfc(0xc0008b8190, {0x3394d68, 0xc0007b8030}, {0x2cd60c1, 0x32}, {0xc00090ba20, 0x2, 0x2})
goroot/pkg/mod/jfrog.com/jfrog-go-commons/[email protected]/pkg/log/standard_logger.go:101 +0xbf
jfrog.com/metadata/v7/services/common/db.NewDatabaseBearer({0x3394d68, 0xc0007b8030}, {0x339d9a0, 0xc0005bcaf0}, {0x339d8c8, 0xc000940960}, {0x3389028, 0x4d1db00}, {0x33714e0, 0xc000b0ad50}, ...)
jfrog.com/metadata/[email protected]/services/common/db/database_bearer.go:137 +0x2bd
main.main()
jfrog.com/metadata/[email protected]/metadata.go:43 +0x485
This seems to be related to this go bug, which is the same version running in this jfrog deployment: https://github.com/golang/go/issues/75828
Thanks for raising this. Could you share your custom values.yaml so that we can try to reproduce?
Sure, here it is:
artifactory:
  ## Artifactory
  ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  artifactory:
    ## Default tag is from the artifactory sub-chart in the requirements.yaml
    image:
      registry: releases-docker.jfrog.io
      repository: jfrog/artifactory-cpp-ce
      # tag:
    resources: {}
    javaOpts: {}
    masterKeySecretName: conan-artifactory-secrets-masterkey
    joinKeySecretName: conan-artifactory-secrets-joinkey
    persistence:
      enabled: false
  installer:
    platform: art-cpp-ce-helm
  installerInfo: '{"productId":"Helm_artifactory-cpp/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}'
  ## Nginx
  ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  nginx:
    enabled: false
    tlsSecretName: ""
    service:
      type: LoadBalancer
  ## Ingress
  ## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  ingress:
    enabled: false
    tls:
  ## PostgreSQL
  ## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  ## Configuration values for the PostgreSQL dependency sub-chart
  ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md
  postgresql:
    enabled: false
  ## This key is required for upgrades to protect old PostgreSQL chart's breaking changes.
  databaseUpgradeReady: "yes"
  ## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false),
  ## specify custom database details here or leave empty and Artifactory will use embedded derby.
  ## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  # database:
  jfconnect:
    enabled: false
  rtfs:
    enabled: false
  onemodel:
    enabled: false
  evidence:
    enabled: false
  database:
    ## To run Artifactory with any database other than PostgreSQL allowNonPostgresql set to true.
    allowNonPostgresql: false
    type: postgresql
    driver: org.postgresql.Driver
    ## If you set the url, leave host and port empty
    url:
    ## If you would like this chart to create the secret containing the db
    ## password, use these values
    user:
    password:
    ## If you have existing Kubernetes secrets containing db credentials, use
    ## these values
    secrets:
      user:
        name: "conan-artifactory-secrets"
        key: "db_user"
      password:
        name: "conan-artifactory-secrets"
        key: "db_pass"
      url:
        name: "conan-artifactory-secrets"
        key: "db_url"
We were on Chart version 107.117.17 and updated to 107.125.4 when this problem came up.
FYI, this seems to be fixed on go 1.25.3: https://go.dev/doc/devel/release#go1.25.3
@RobinDuhan Could you please say if you have any updates on this issue?
Hi @aldomozhirov, I missed seeing your earlier message, my bad. I was also hoping to get the postgres url from your custom values.yaml, to help reproduce better. Would you be able to share that, or maybe a sample of what it looks like? You can redact sensitive info.
Also, if you have access to our support, please raise a support request through them. Regardless, I am raising this internally and I'd let you know of any updates.
Hi @RobinDuhan,
The url is jdbc:postgresql://muc1-primary.pgo.svc:5432/conan-artifactory?sslmode=require
This is a Postgres Operator running in k8s, and this setup was working on chart version 107.117.17. As I mentioned above, this comes from a bug in go that can't deal with a certificate with trailing dots on the SAN field. This has been fixed in go v1.25.3, so I believe a new image needs to be built with the newer go version.
@simaopgs This would be fixed in the next patch of artifactory, which should happen end of next week.
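An added example, not part of the thread and not JFrog or Go project code: a stdlib-only Python script that checks a certificate for the condition discussed above, a dNSName SAN ending in a dot. It walks the DER encoding directly, so the result does not depend on any particular X.509 parser. The function names and the sample hostnames are constructed for illustration.

```python
SAN_OID = bytes([0x55, 0x1D, 0x11])  # DER content of OID 2.5.29.17 (subjectAltName)

def read_tlv(buf, off=0):
    """Decode one DER element at off; return (tag, content, next_offset)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = length & 0x7F
        length, off = int.from_bytes(buf[off:off + k], "big"), off + k
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def children(content):
    """Return the (tag, content) pairs directly inside a constructed element."""
    out, off = [], 0
    while off < len(content):
        tag, body, off = read_tlv(content, off)
        out.append((tag, body))
    return out

def trailing_dot_sans(der):
    """Certificate -> tbsCertificate -> [3] extensions -> SAN -> [2] dNSName."""
    tbs = children(read_tlv(der)[1])[0][1]
    bad = []
    for tag, wrapped in children(tbs):
        exts = children(children(wrapped)[0][1]) if tag == 0xA3 else []  # [3] EXPLICIT
        for _, ext in exts:
            fields = children(ext)  # OID, optional critical BOOLEAN, OCTET STRING
            if fields[0][1] == SAN_OID:
                names = children(children(fields[-1][1])[0][1])
                bad += [n.decode("ascii") for t, n in names
                        if t == 0x82 and n.endswith(b".")]  # 0x82 = [2] dNSName
    return bad

def enc(tag, *parts):  # short-form DER encoder, used only to build the sample
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert():
    """Constructed, unsigned certificate skeleton; the hostnames are made up."""
    san = enc(0x30, enc(0x82, b"db.example.svc."), enc(0x82, b"db.example.svc"))
    ext = enc(0x30, enc(0x06, SAN_OID), enc(0x04, san))
    empty = enc(0x30)  # placeholder for fields this check never reads
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x01"),
              empty, empty, empty, empty, empty, enc(0xA3, enc(0x30, ext)))
    return enc(0x30, tbs, empty, enc(0x03, b"\x00\x00"))

if __name__ == "__main__":
    print(trailing_dot_sans(sample_cert()))
```

To check a real certificate, convert its PEM text with `ssl.PEM_cert_to_DER_cert` from the standard library and pass the resulting bytes to `trailing_dot_sans`.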