[Enterprise-support] [Bug 1673656] [NEW] SSL Certificate Subject ALT Names with IPs or DNS: not respected with --ssl-verify-server-cert

Nickolay Ihalainen Thu, 16 Mar 2017 20:21:06 -0700

Public bug reported:

https://github.com/percona/percona-server/blob/5.6/sql-
common/client.c#L1894-L1898


X509_VERIFY_PARAM_set1_host or X509_VERIFY_PARAM_add1_host or
X509_check_host while checking common name.


Major issue happening with Aurora cluster:

"In order to connect to the cluster endpoint using SSL, your client connection 
utility must support Subject Alternative Names (SAN). If your client connection 
utility doesn't support SAN, you can connect directly to the instances in your 
Aurora DB cluster. For more information on Aurora endpoints, see Aurora 
Endpoints."
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Connect.html


Upstream bug:
https://bugs.mysql.com/bug.php?id=68052

** Affects: mysql-server
     Importance: Unknown
         Status: Unknown

** Affects: percona-server
     Importance: Undecided
         Status: Confirmed

** Affects: percona-server/5.5
     Importance: Undecided
         Status: New

** Affects: percona-server/5.6
     Importance: Undecided
         Status: Confirmed

** Affects: percona-server/5.7
     Importance: Undecided
         Status: Confirmed


** Tags: i177067 ssl upstream

** Bug watch added: MySQL Bug System #68052
   http://bugs.mysql.com/bug.php?id=68052

** Also affects: mysql-server via
   http://bugs.mysql.com/bug.php?id=68052
   Importance: Unknown
       Status: Unknown

** Tags added: i177067

** Also affects: percona-server/5.7
   Importance: Undecided
       Status: Confirmed

** Also affects: percona-server/5.5
   Importance: Undecided
       Status: New

** Also affects: percona-server/5.6
   Importance: Undecided
       Status: New

** Changed in: percona-server/5.6
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to MySQL.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1673656

Title:
  SSL Certificate Subject ALT Names with IPs or DNS: not respected with
  --ssl-verify-server-cert

To manage notifications about this bug go to:
https://bugs.launchpad.net/mysql-server/+bug/1673656/+subscriptions

-- 
Mailing list: https://launchpad.net/~enterprise-support
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~enterprise-support
More help   : https://help.launchpad.net/ListHelp

[Enterprise-support] [Bug 1673656] [NEW] SSL Certificate Subject ALT Names with IPs or DNS: not respected with --ssl-verify-server-cert

Reply via email to