GoogleCloudPlatform / alloydb-python-connector

A Python library for connecting securely to your AlloyDB instances.
Apache License 2.0

Verify PSC DNS name is present as a SAN in the server certificate #324

Open nancynh opened 5 months ago

nancynh commented 5 months ago

Verify PSC DNS name is present as a SAN in the server certificate. It means removing the existing workaround to check the private IP address instead of the DNS name (https://github.com/GoogleCloudPlatform/alloydb-python-connector/pull/291).

jackwotherspoon commented 5 months ago

Is this a duplicate of #313?

enocom commented 5 months ago

Yes, let's use this one for tracking.

jackwotherspoon commented 5 months ago

Good context on the trailing dot being stripped: https://github.com/dpkp/kafka-python/pull/2374#issuecomment-1669886921

jackwotherspoon commented 2 months ago

More good context on this thread: https://github.com/openssl/openssl/issues/11560

enocom commented 2 months ago

Thanks to @jackwotherspoon for finding this:

https://github.com/openssl/openssl/issues/11560#issuecomment-1631520748

TL;DR: SANs shouldn't have trailing dots.

enocom commented 2 months ago

RFC 6066 says no trailing dots in SANs.
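
The check this issue asks for, sketched as an added example (not code from the connector or from any commenter): the DNS name is normalised by stripping its trailing dot and then compared, case-insensitively and exactly, against the dNSName SAN entries, so an IP-only certificate no longer passes. It assumes the certificate is in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, host names and addresses are hypothetical and constructed.

```python
"""Added example: verify a DNS name is present as a dNSName SAN."""
from typing import Any, Dict, List


def normalize_dns_name(name: str) -> str:
    """Lower-case the name and strip a single trailing dot (FQDN form)."""
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") else name


def san_dns_names(cert: Dict[str, Any]) -> List[str]:
    """Return only the dNSName entries of a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_name_in_san(cert: Dict[str, Any], dns_name: str) -> bool:
    """True if dns_name (trailing dot allowed) exactly matches a dNSName SAN.

    SAN entries are not normalised beyond case: per the thread, SANs should
    not carry a trailing dot, so one that does is treated as a mismatch.
    Assumption of this sketch: exact match only, no wildcard handling.
    """
    host = normalize_dns_name(dns_name)
    # Reject empty names and names with empty labels (e.g. "a..b").
    if not host or any(label == "" for label in host.split(".")):
        return False
    return any(san.lower() == host for san in san_dns_names(cert))


# Constructed sample certificates in ssl.getpeercert() dict form.
CERT_WITH_DNS = {
    "subjectAltName": (
        ("DNS", "instance-1.example-psc.test"),
        ("IP Address", "10.0.0.5"),
    )
}
CERT_IP_ONLY = {"subjectAltName": (("IP Address", "10.0.0.5"),)}

if __name__ == "__main__":
    for label, cert in (("dns+ip", CERT_WITH_DNS), ("ip-only", CERT_IP_ONLY)):
        ok = dns_name_in_san(cert, "instance-1.example-psc.test.")
        print(f"{label}: DNS name present as SAN = {ok}")
```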