MySQL/MariaDB: why is the connection not established when I replace the DNS with its corresponding IP?

I have deployed MariaDB on Azure with SSL enabled. The server name looks like: somename.mariadb.database.azure.com

I installed the MariaDB client on my jump server. I ran nslookup somename.mariadb.database.azure.com, which gives 10.0.4.68.

However, when I do:

1. This works fine:

mysql -h somename.mariadb.database.azure.com -u"benighil@somename" -p"I******4" --ssl-verify-server-cert --ssl-ca /home/rootvm/workdir/BaltimoreCyberTrustRoot.crt.pem

2. This does not work:

mysql -h 10.0.4.68 -u"benighil@somename" -p"I******4" --ssl-verify-server-cert --ssl-ca /home/rootvm/workdir/BaltimoreCyberTrustRoot.crt.pem

Notice, in 2.:

  • I just replaced the DNS with its IP

  • the error I got is:

ERROR 2026 (HY000): SSL connection error: The certificate is NOT trusted. The name in the certificate does not match the expected.

I would like to know why?

Georg Richter On

This is the relevant part in source code (MariaDB Connector/C):

if (X509_check_host(cert, mysql->host, 0, 0, 0) != 1
    && X509_check_ip_asc(cert, mysql->host, 0) != 1)
   goto error;

X509_check_host/ip checks whether the hostname or IP is in the Subject Alternative Name (SAN) or the Subject CommonName (CN); if not, an error is returned.

You can easily check this with the openssl command-line tool (version 1.1.1 or newer):

openssl s_client --starttls mysql somename.mariadb.database.azure.com:3306
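
The name check described in the answer can be reproduced offline. The script below is an added example, not code from the answer or from MariaDB: it builds two throwaway self-signed certificates (constructed sample data) and uses `openssl x509 -checkhost/-checkip` to show that a certificate listing only the DNS name rejects the IP, while one that also carries an IP SAN accepts it. It assumes OpenSSL 1.1.1 or newer; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: throwaway certificates are constructed locally, nothing is
# fetched from a server. Function names are illustrative.

# Create a self-signed certificate with the given subjectAltName list.
# $1 = output PEM path, $2 = SAN list, e.g. "DNS:db.example.test"
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo" -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Ask the same two questions as the connector snippet above: the -h value is
# tried as a host name (X509_check_host) and as an IP (X509_check_ip_asc);
# either one matching is enough.
# $1 = PEM certificate, $2 = value that would be passed to mysql -h
target_matches_cert() {
    if openssl x509 -in "$1" -noout -checkhost "$2" -checkip "$2" \
        | grep -q ' does match certificate'; then
        echo match
    else
        echo no-match
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    name=somename.mariadb.database.azure.com   # server name from the question
    ip=10.0.4.68                               # address nslookup returned
    make_demo_cert "$dir/dns-only.pem" "DNS:$name"
    make_demo_cert "$dir/dns-and-ip.pem" "DNS:$name,IP:$ip"
    for cert in dns-only dns-and-ip; do
        for target in "$name" "$ip"; do
            echo "$cert cert, -h $target: $(target_matches_cert "$dir/$cert.pem" "$target")"
        done
    done
    rm -rf "$dir"
}

demo
```

To test a real server certificate, save it as PEM and pass that file to `target_matches_cert` together with the value intended for `-h`.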