18 Apr
2019
18 Apr
'19
11:52 a.m.
On 18 April 2019 11:34 TG Servers via dovecot dovecot@dovecot.org wrote:
Hi,
when using ssl_verify_server_cert in mysql connection string, is the cert verified also against SAN (DNS and IP)? Because this doesn't seem to work. I get a certification verification error in handshake when connecting via IP. But the cert is good as the connection via IP (and IP in the SAN of the cert) works from other applications verifying.
Thanks.
Dovecot does consider SAN names too, but for MySQL driver, we use MYSQL_OPT_SSL_VERIFY_SERVER_CERT setting. Then you need to use ssl_ca or ssl_ca_path in the mysql driver config file to point to acceptable CAs.
Aki