Open abraithwaite opened 1 month ago
thanks @abraithwaite for reporting.
It seems ClickHouse docs should be extend with subject alt name provided for certificate generate command: https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line
Generate a client certificate according to the docs on clickhouse's docs:
https://clickhouse.com/docs/en/guides/sre/ssl-user-auth
Use the certificate to authenticate directly with the host:
Go program using this client at the latest version (v2):
https://gist.github.com/abraithwaite/f80a83a88ab75cb31c9b0d39c635215d
The error returned:
CFSSL cert info:
I recommend either updating the clickhouse docs with an example that works in Go, or figuring out a good (and secure!) way to ensure that the client certificates generated by clickhouse server documentation works in the Go client as well.