-
Notifications
You must be signed in to change notification settings - Fork 550
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gem does not verify hostname when ssl_mode: :verify_identity
#879
Comments
- The documentation indicates that `:verify_identity` should be sufficient to verify the hostname in the certificate matches the connection string, but hostname verify was not taking place. - Adding `sslverify: true` fixes this, opened an issue to understand why this extra field is necessary: brianmario/mysql2#879 [#132950039]
Also:
Also:
So I don't understand why you're seeing a different behavior between |
I have this suspicion that it is related to #889 but I'm not quite following my own hunch. This doesn't make sense to me in your OP, it must be a bug in MySQL client!?
|
Please check of 0.4.10 resolves this issue for you, otherwise it may simply require documentation that both flags are required. |
Did version 0.4.10 resolve the issue for you? |
@sodabrew unfortunately I've since rolled off the team that was hitting this issue. Luckily (or unluckily), my coworker @pivotal-jamil-shamy is hitting a similar issue. Maybe they can check if version 0.4.10 works. |
@sodabrew @ljfranklin we're using version 0.4.10 as well and still hitting the similar issue |
We are experiencing this issue as well. |
For context, Mariadb's client library does not support ssl_mode, so this connector's |
cc @xtreme-andrew-su @freddesbiens |
From the MySQL documentation, the
VERIFY_IDENTITY
SSL mode should verify the hostname in the server's certificate matches the hostname to which to client tried to connect. However, when settingssl_mode: :verify_identity
the gem connects even if there is a hostname mismatch. If I setssl_mode: :verify_identity
ANDsslverify: true
, the gem returns an SSL validation error as expected.Using mysql2 version 0.4.8 and MariaDB connector C version 2.3.0 as the driver.
The text was updated successfully, but these errors were encountered: