Percona Server for MySQL / PS-1076

LP #1673656: SSL Certificate Subject ALT Names with IPs or DNS: not respected with --ssl-verify-server-cert

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None

      Description

      Reported in Launchpad by Nickolay Ihalainen, last update 18-07-2017 20:49:27

      https://github.com/percona/percona-server/blob/5.6/sql-common/client.c#L1894-L1898

      X509_VERIFY_PARAM_set1_host or X509_VERIFY_PARAM_add1_host or X509_check_host while checking common name.

      Major issue happening with Aurora cluster:

      "In order to connect to the cluster endpoint using SSL, your client connection utility must support Subject Alternative Names (SAN). If your client connection utility doesn't support SAN, you can connect directly to the instances in your Aurora DB cluster. For more information on Aurora endpoints, see Aurora Endpoints."
      http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Connect.html

      Upstream bug:
      https://bugs.mysql.com/bug.php?id=68052
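
The difference between a common-name-only check and a SAN-aware check, as an added Python model (not Percona Server or OpenSSL code): the certificate dict, host names and address are constructed placeholders, and all function names are hypothetical. The wildcard rule is a simplification, and the common name is used only when the certificate has no DNS SAN entry.

```python
import ipaddress

# Constructed certificate in the dict shape of ssl.SSLSocket.getpeercert();
# names and address are placeholders (example.com, TEST-NET-1).
CERT = {
    "subject": ((("commonName", "node1.db.example.com"),),),
    "subjectAltName": (
        ("DNS", "node1.db.example.com"),
        ("DNS", "cluster.db.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}

def cn_only_match(cert, host):
    """Behaviour in the report: only the subject commonName is compared."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value.lower() == host.lower()
    return False

def dns_match(pattern, host):
    """Case-insensitive; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:] and "." in rest

def san_aware_match(cert, host):
    """IP literals match only IP SAN entries; names match DNS SAN entries.
    The CN is consulted only when the certificate carries no DNS SAN."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        return any(dns_match(p, host) for p in dns)
    return cn_only_match(cert, host)

def compare(cert, hosts):
    """Map each host to (cn_only_result, san_aware_result)."""
    return {h: (cn_only_match(cert, h), san_aware_match(cert, h)) for h in hosts}
```

Hosts for which the two results differ are the ones a common-name-only client rejects even though the certificate covers them, which is the cluster-endpoint and IP case described above.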

              People

              Assignee:
              Unassigned
              Reporter:
              lpjirasync lpjirasync (Inactive)