-
-
Notifications
You must be signed in to change notification settings - Fork 625
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERR_TLS_CERT_ALTNAME_INVALID error when using CNAME as host name for RDS connection #2172
Comments
Maybe we need to add SNICallback to handle your scenario |
Yes I can connect with The error is coming from Line 385 in 48c2b8d
One possible workaround would be allowing to pass custom |
I'm actually thinking to deprecate import amazonRdsSslProfile from "amozon-rds-certs"; // package name TBD
const conn = mysql.createConnection({
ssl: {
...amazonRdsSslProfile,
checkServerIdentity: () => null,
}
}
What needs to be done:
|
@dougwilson wdyt about above, with profile repo under mysqljs org, and mysqjs/mysql referencing it in a similar way ( with similar deprecation steps ) |
Hi @sidorares that ia a good idea! Sorry I was away, but I am just getting back now and replying to issues 😅. I'll actually set it up here this weekend. I figure it just is an export of the list in the same format Node.js accepts, of course. |
We have a CNAME set in Route53 for our RDS cluster. When using that CNAME as host for MySQL connection we are getting
ERR_TLS_CERT_ALTNAME_INVALID
error (Hostname/IP does not match certificate's altnames).SSL option in configuration is set to
ssl: 'Amazon RDS'
.This is because the certificate from RDS doesn't have the CNAME listed as altname and AFAIK there is no way to do that in RDS.
This was working fine in mysql2 3.5.0 and broke in 3.5.1 with #2119 and the switch to
Tls.connect
.The text was updated successfully, but these errors were encountered: