StatementClientV1 self-signed certificate validation failure

[nhunter-eden]

There are a couple issues in Trino.Client.StatementClientV1 that cause self-signed certificate validation to fail.

1. The StatementClientV1 constructor initializes an HTTP client with the handler it defines, but it never actually saves that client to the object (line 149).
2. The X509 chain status I observed when attempting to validate a self-signed cert was not an UntrustedRoot (line 140) but rather a PartialChain with the status information, "A certificate chain could not be built to a trusted root authority."

[mosabua]

Could you send a PR that enables this .. potentially adding toggles .. look at how the JDBC driver handles this potentially. cc @georgewfisher

[nhunter-eden]

I don't have write access to the repo and would rather not fork it for a tiny fix. (Happy to put up a PR if given branch write access.)

Perhaps item 2 from my first message should be disregarded ... the partial chain message observed on Ubuntu was different than on Windows and approving partial chain errors may not be appropriate anyways. I found that adding the certificate to the trusted CA certificate store allowed me to circumvent these errors (though it's still not clear why that's necessary when the trusted cert path is already passed in).

For item 1, I believe the fix would simply be this.httpClient = new HttpClient(handler);.

[mosabua]

All contributions are done via forks and pull requests. Write access is only given to subproject maintainers. Please create and test a fix in your fork and branch and send a PR.

[sja-work]

This bug also prevents mTLS from working (all certificates are assigned to a handler and HttpClient that is discarded when the constructor exits)