Conversation

Collaborator

@hessjcg hessjcg commented Mar 12, 2025

When the connector is configured with a DNS name, or if the Cloud SQL Instance reports that it has a DNS Name,
the connector will use standard TLS hostname validation when checking the server certificate. Now, the server's
TLS certificate must contain a SAN record with the instance's DNS name.

The ConnectSettings API added a field dns_names which contains all of the valid DNS names for
an instance.

See also GoogleCloudPlatform/cloud-sql-go-connector#954

@hessjcg hessjcg requested a review from a team as a code owner March 12, 2025 03:19
Collaborator

@jackwotherspoon jackwotherspoon left a comment

LGTM, as long as we have manually tested on a real instance 👍

@hessjcg hessjcg force-pushed the cas-dns-names-field branch from b2251d2 to 05117dd Compare March 18, 2025 20:50
@hessjcg hessjcg changed the title from "refactor: Use new ConnectSettings.DnsNames field to validate server TLS certificate" to "feat: Use standard TLS hostname validation for instances with DNS names." Mar 19, 2025
@hessjcg hessjcg force-pushed the cas-dns-names-field branch from 05117dd to 2b03734 Compare March 19, 2025 19:22
@hessjcg hessjcg force-pushed the cas-dns-names-field branch from 2b03734 to 0f35e01 Compare March 19, 2025 19:43
@hessjcg hessjcg merged commit a892017 into main Mar 19, 2025
17 checks passed
@hessjcg hessjcg deleted the cas-dns-names-field branch March 19, 2025 20:34