Motivation:

Hostname verification is unconditionally disabled for all SQL clients using ConnectionFactoryBase. This makes PG and MySQL clients incorrectly accept certificates that do not contain the expected hostname when the SSL mode is set to VERIFY_FULL or VERIFY_IDENTITY, respectively.

This PR fixes the bugs and adds tests for the correct behavior. The test server certificate for MySQL is also updated, as the previous one has a CN that's not a valid host name. The certificate is replaced with a new one using the same key, but with CN=mysql.vertx.test as the subject DN.

Fixes #1419
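
The acceptance rule the description refers to, as an added illustration that is not code from this PR or from the project: a simplified Python model of what each SSL mode is expected to check, showing that skipping the hostname check makes VERIFY_FULL and VERIFY_IDENTITY behave like VERIFY_CA. The function names, the `hostname_check_enabled` flag and the certificate dict layout are assumptions made for the example, and the matching rules are a reduced form of RFC 6125 style name matching.

```python
# Added illustration: simplified model of certificate acceptance per SSL mode.
# All names here are hypothetical; this is not the Vert.x implementation.

def _name_matches(pattern, host):
    """Compare one presented DNS name with the host, label by label.

    A '*' is honoured only as the complete left-most label, and only when
    at least two further labels follow it (so '*.test' never matches).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hostname_matches(cert, host):
    """dNSName SAN entries take precedence; the CN is used only if none exist."""
    names = cert.get("san_dns") or [cert["cn"]]
    return any(_name_matches(name, host) for name in names)

def accepts(mode, chain_trusted, cert, host, hostname_check_enabled=True):
    """Return True if a client in `mode` accepts the server certificate.

    hostname_check_enabled=False models the bug described above: the
    identity check is skipped regardless of the configured mode.
    """
    if mode in ("VERIFY_CA", "VERIFY_FULL", "VERIFY_IDENTITY") and not chain_trusted:
        return False
    if mode in ("VERIFY_FULL", "VERIFY_IDENTITY") and hostname_check_enabled:
        return hostname_matches(cert, host)
    return True

# Constructed sample mirroring the subject of the replacement test certificate.
SERVER_CERT = {"cn": "mysql.vertx.test", "san_dns": []}

if __name__ == "__main__":
    for target in ("mysql.vertx.test", "localhost"):
        for enabled in (True, False):
            verdict = accepts("VERIFY_IDENTITY", True, SERVER_CERT, target, enabled)
            print(f"host={target:<17} check_enabled={enabled!s:<5} accepted={verdict}")
```

A regression test for this class of bug needs the negative case: a trusted certificate presented for a hostname it does not name must be rejected in the strictest mode.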