AdamGlazerMW
commented
1 year ago Figured it out.
The solution is to add sslsni=0 to the connection parameters, so that the servername isn't explicitly checked
Closed AdamGlazerMW closed 1 year ago
AdamGlazerMW
commented
1 year ago Figured it out.
The solution is to add sslsni=0 to the connection parameters, so that the servername isn't explicitly checked
I have a setup where a Postgres DB hosted in AWS has a shorter CNAME configured in Route 53.
I've been using the shorter canonical name to connect to the DB with the common
rds-ca-2019-eu-west-1.pemup to lib/pq v1.10.5, but after upgrading to v1.10.7 I'm receiving the error messagex509: certificate is valid for dbname.hashcode.eu-west-1.rds.amazonaws.com, not dbname.company.internalwhen trying to connect to it.If I change the host in the connection params to
dbname.hashcode.eu-west-1.rds.amazonaws.comthen the error ceases, but I'm unable to make it work with the shorter hostIs this an AWS misconfiguration issue somewhere, or is this caused by the changes between 1.10.5 and 1.10.7 making the connection process stricter?