New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sslsni default support in 1.10.7 breaks verify-ca option #1106
Comments
The |
The behavior of It looks like another case for Lines 158 to 159 in 922c00e
|
I was just hit by this. Looks like |
After updating from 1.10.6 to 1.10.7 I found that when using
sslmode=verify-ca
mode:client.ConnectionState().ServerName
in this part of code has value ofhost
parameter from db connection stringverify-ca
option, throwingx509: “*.<host>” certificate name does not match input
In version 1.10.6 sslVerifyCertificateAuthority function was using empty string in its place, ignoring verification of leaf certificate.
I would like to be able to use
sslsni
option and on same time useverify-ca
option.The text was updated successfully, but these errors were encountered: