Currently the MariaDB Java Client JDBC driver has two validation modes for server certificates. It can either use:
1) The default JVM key store. This is the default option.
2) It can accept all remote certificates without validation. This is done by setting the "trustServerCertificate" property to a non-null value.
When using self-signed certificates for the server neither of these is acceptable. Option #1 will not validate as the certificate is not signed by a trusted certificate authority. Option #2 is inherently insecure and is susceptible to a man in the middle attack.
The JDBC driver should allow users to validate the server against a predefined server certificate.