corretto / corretto-11

Amazon Corretto 11 is a no-cost, multi-platform, production-ready distribution of OpenJDK 11
GNU General Public License v2.0

Can't establish TLS connection when enable server cert check in AWS Lambda #296

Open zhangyangyu opened 1 year ago

zhangyangyu commented 1 year ago

Describe the bug

When trying to connect to a MySQL server with MySQL Connector/J 8.0.29 over a TLS connection configured like:

sslMode=VERIFY_IDENTITY&enabledTLSProtocols=TLSv1.2,TLSv1.3

it throws:

12:16:00.802 [main] ERROR org.custom.connector.jdbc.client.MySQLClient - URI: jdbc:mysql://gateway01.us-west-2.prod.aws.tidbcloud.com:4000/test?user=HZ5E7ifaDEjJTsh.root&password=wqz1994625&sslMode=VERIFY_IDENTITY&enabledTLSProtocols=TLSv1.2,TLSv1.3
12:16:01.823 [main] ERROR org.custom.connector.jdbc.client.MySQLClient - SQLException: Cannot open file:/etc/pki/java/cacerts [Keystore was tampered with, or password was incorrect]

To Reproduce

Just connect to a MySQL server that has TLS enabled, using the settings above. You can also check the template https://github.com/pingcap-inc/tidb-appflow-integration/blob/main/template.yml#L11.

Expected behavior

OpenJDK will use the default truststore if the user doesn't supply any truststore configuration. It seems Corretto also tries to do so, but something weird happens: it cannot open the path /etc/pki/java/cacerts in Lambda.

Additional context

Actually, last year the same bug was reported at https://github.com/corretto/corretto-8/issues/320; it was closed as there is a "solution". But I can't agree. Although setting sslMode=REQUIRED can establish the connection successfully, it won't check the server's cert or even the host name. This is not what I want, and it exposes users to MITM problems.
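
The following is an added example, not code from the issue reporter, from Corretto or from Connector/J. It resolves the truststore in the order JSSE uses when nothing explicit is configured, attempts to load it so the "Keystore was tampered with, or password was incorrect" failure can be reproduced outside Lambda, and builds Connector/J connection properties that pin a truststore shipped with the function while keeping sslMode=VERIFY_IDENTITY, so certificate and hostname checks stay on instead of being downgraded to REQUIRED. The host db.example.internal, the user app_user, the DB_PASSWORD environment variable and the truststore path /var/task/truststore.p12 are placeholders; the Connector/J property names (trustCertificateKeyStoreUrl, trustCertificateKeyStoreType, trustCertificateKeyStorePassword, fallbackToSystemTrustStore) are the documented 8.0.x driver properties.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.Properties;

/** Added diagnostic and hardened connection settings; not part of the issue, Corretto or Connector/J. */
public class TrustStoreCheck {

    /**
     * Resolve the default truststore the way JSSE does when no explicit store is
     * given: javax.net.ssl.trustStore first, then jssecacerts, then cacerts, the
     * last two under ${java.home}/lib/security.
     */
    static Path resolveDefaultTrustStore() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null && !configured.isEmpty()) {
            return Paths.get(configured);
        }
        Path security = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jsse = security.resolve("jssecacerts");
        return Files.exists(jsse) ? jsse : security.resolve("cacerts");
    }

    /**
     * Load the store with the configured password (null when unset; a JKS store then
     * loads without verifying its MAC) and return the number of trusted certificate
     * entries. A JKS store loaded with a wrong non-null password fails here with
     * "Keystore was tampered with, or password was incorrect".
     */
    static int countTrustedCerts(Path store, String password) throws Exception {
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store.toFile())) {
            ks.load(in, password == null ? null : password.toCharArray());
        }
        int count = 0;
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            if (ks.isCertificateEntry(aliases.nextElement())) {
                count++;
            }
        }
        return count;
    }

    /**
     * Connector/J properties that keep server-certificate and hostname verification
     * (VERIFY_IDENTITY) and point the driver at a PKCS12 truststore bundled with the
     * deployment package instead of the runtime's default store.
     */
    static Properties pinnedTrustStoreProperties(String user, String dbPassword,
                                                 Path trustStore, String trustStorePassword) {
        Properties props = new Properties();
        props.setProperty("user", user);
        props.setProperty("password", dbPassword);
        props.setProperty("sslMode", "VERIFY_IDENTITY");
        props.setProperty("enabledTLSProtocols", "TLSv1.2,TLSv1.3");
        props.setProperty("trustCertificateKeyStoreUrl", trustStore.toUri().toString());
        props.setProperty("trustCertificateKeyStoreType", "PKCS12");
        props.setProperty("trustCertificateKeyStorePassword", trustStorePassword);
        // Fail closed: do not fall back to the (unloadable) system store if the pinned one fails.
        props.setProperty("fallbackToSystemTrustStore", "false");
        return props;
    }

    public static void main(String[] args) {
        Path store = resolveDefaultTrustStore();
        System.out.println("default truststore: " + store
                + (Files.isSymbolicLink(store) ? " (symlink)" : "")
                + ", readable=" + Files.isReadable(store));
        try {
            int n = countTrustedCerts(store, System.getProperty("javax.net.ssl.trustStorePassword"));
            System.out.println("loads OK, trusted certificate entries: " + n);
        } catch (Exception e) {
            System.out.println("cannot load default truststore: " + e.getMessage());
        }

        // Placeholder values; /var/task is assumed to be the Lambda deployment package root.
        String dbPassword = System.getenv().getOrDefault("DB_PASSWORD", "");
        Properties props = pinnedTrustStoreProperties("app_user", dbPassword,
                Paths.get("/var/task/truststore.p12"), "changeit");
        String url = "jdbc:mysql://db.example.internal:4000/test";
        System.out.println("connect with DriverManager.getConnection(\"" + url + "\", props); keys=" + props.stringPropertyNames());
    }
}
```

Running the diagnostic inside the function (or locally with the same -Djavax.net.ssl.trustStore value the runtime sets) shows which file the driver is actually opening and whether it loads with the configured password. The properties object is what you hand to DriverManager.getConnection(url, props) so the password and truststore secret never appear in the JDBC URL or in log lines such as the one in the report; the truststore itself only needs the CA that issued the server certificate, exported with keytool into the PKCS12 file you package.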

navyxliu commented 1 year ago

Hi @zhangyangyu, I think your question is more about how to use the Lambda Java runtime rather than Corretto. I will try to seek help from colleagues who are familiar with this domain. Stay tuned.