util: Fix compatibility with JDBC and Automatic TLS (#26931)

[ti-srebot]

cherry-pick #26931 to release-5.2
You can switch your code base to this Pull Request by using git-extras:

# In tidb repo:
git pr https://github.com/pingcap/tidb/pull/27013

After apply modifications, you can push your change to this PR via:

git push git@github.com:ti-srebot/tidb.git pr/27013:release-5.2-af2da8dd5518

---

What problem does this PR solve?

Set subject in automatically generated TLS certificates to TiDB_Server_Auto_Generated_Server_Certificate, which is similar to
what MySQL does.

This fixes this issue when connecting with Connector/J:

The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
Caused by: com.mysql.cj.exceptions.CJCommunicationsException: Communications link failure
Caused by: javax.net.ssl.SSLHandshakeException: Failed to parse server certificates
Caused by: java.security.cert.CertificateParsingException: Empty issuer DN not allowed in X509Certificates

policy set to LEGACY.

Test code:

package com.pingcap.jdbcConnTest;

import java.sql.DriverManager;
import java.sql.SQLException;

public class App
{
    public static void main( String[] args )
    {
        System.out.println( "Hello World!" );
        try {
            Class.forName("com.mysql.cj.jdbc.Driver");
        } catch (Exception ex) {
            System.out.println("Error:" + ex);
        }

        try {
            DriverManager.getConnection(
                "jdbc:mysql://127.0.0.1:4000/test?sslMode=PREFERRED",
                "root",
                ""
            );

        } catch (SQLException ex) {
            System.out.println("Error:" + ex);
            ex.printStackTrace();
        }
    }
}

Issue Number: close #26898

Check List

Tests

• Unit test (see linked issue)
• Manual test (add detailed scripts or steps below)

Release note

None

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has been approved by:

• dveeden
• zhouqiang-cl

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[ti-srebot]

/run-all-tests

[ti-srebot]

@dveeden you're already a collaborator in bot's repo.

[zhouqiang-cl]

LGTM

[purelind]

/run-build

[purelind]

/run-all-tests

[zhouqiang-cl]

/merge

[ti-chi-bot]

This pull request has been accepted and is ready to merge.

Commit hash: e4299d4

[ti-chi-bot]

@ti-srebot: Your PR was out of date, I have automatically updated it for you.

At the same time I will also trigger all tests for you:

/run-all-tests

If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.