I've created a patch for the MariaDB JDBC driver to add the ability to validate against self-signed SSL certificates. Specifically, it allows users to specify the SSL certificate they are expecting from the server and only allows the connection to be created if the server's certificate matches it. This is the best protection against man-in-the-middle attacks, and given the rise of cloud-based database deployments I think this would be a great addition to the driver.
The patch allows users to specify an SSLSocketFactory by including its class name as a new connection parameter ("sslFactory"). The code structure mimics how the PostgreSQL JDBC driver delegates creation of an SSLSocketFactory; however, rather than passing an additional String value as an argument, this version accepts the entire connection java.util.Properties. I figure it's cleaner (fewer explicit properties defined) and more extensible this way.
The patch also includes an implementation of SSLSocketFactory (called SingleCertSocketFactory) that validates against a predefined SSL certificate. This allows secure connections to servers secured with self-signed certificates.
The patch should be backward compatible for existing clients, as nothing changes if the new property is not used. The code path when SSL is enabled is slightly different, but it still creates the same type of default SSLSocketFactory and also handles the "trustServerCertificate" property the same as before (e.g. accept all certificates).
Here is an example usage of it:
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;
// This String has the server's certificate received through some other secure channel:
String serverSslCert = "-----BEGIN CERTIFICATE----- ... [ Server's Certificate Goes Here] ...";
Properties info = new Properties();
info.setProperty("sslFactory", "SingleCertSocketFactory"); // new parameter; use the fully qualified class name from the patch
info.setProperty("serverSslCert", serverSslCert); // property name assumed here; the patch's actual name is not given above
String jdbcUrl = "jdbc:mariadb://<host>:<port>/<db>"; // placeholder URL; SSL must be enabled for the factory to be used
Connection conn = DriverManager.getConnection(jdbcUrl, info);
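As an added illustration (not the patch's code), here is one way such a SingleCertSocketFactory can be built on the standard JSSE API: the PEM certificate taken from the connection Properties becomes the sole entry of a trust store, so the handshake succeeds only when the server presents exactly that certificate. The constructor shape and the "serverSslCert" property name are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Illustrative re-creation: an SSLSocketFactory that trusts exactly one PEM certificate.
public class SingleCertSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;

    // Assumed constructor shape: the driver hands over the whole connection Properties.
    // "serverSslCert" is an assumed property name, not one defined by the patch.
    public SingleCertSocketFactory(Properties info) throws GeneralSecurityException, IOException {
        String pem = info.getProperty("serverSslCert");
        if (pem == null) throw new IllegalArgumentException("serverSslCert property is required");
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        // Trust store holding only the expected certificate: any other chain fails validation.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("server", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        delegate = ctx.getSocketFactory();
    }

    // Remaining methods simply forward to the pinned-trust-store factory.
    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return delegate.createSocket(s, host, port, autoClose);
    }
    @Override public Socket createSocket(String host, int port) throws IOException { return delegate.createSocket(host, port); }
    @Override public Socket createSocket(String host, int port, InetAddress lh, int lp) throws IOException { return delegate.createSocket(host, port, lh, lp); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return delegate.createSocket(host, port); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress lh, int lp) throws IOException { return delegate.createSocket(a, p, lh, lp); }
}
```

This factory performs no hostname check; the protection comes entirely from rejecting any server that does not present the pinned certificate.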