Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport of secrets/mysql: Add tls_server_name and tls_skip_verify parameters into release/1.12.x #18804

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #18799 to be assessed for backporting due to the inclusion of the label backport/1.12.x.

The below text is copied from the body of the original PR.


The MySQL implementation supports TLS verification and auth, however, when testing against Cloud SQL it was very painful to verify the CA. This is because Cloud SQL does not add IP SANs to the certificate. The SANs available reference internal VM names which aren't easily obtainable as a user. I've added these parameters to make the engine more flexible. Although the connection url does support these, the MySQL driver stores a tls.Config and references it by name in the connection URL, so it makes sense to add these there.


Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/mysql-tls-server-name/previously-daring-aardvark branch 2 times, most recently from 62e8aaa to 863f47f Compare January 23, 2023 20:07
@jasonodonnell jasonodonnell enabled auto-merge (squash) January 23, 2023 20:09
@jasonodonnell jasonodonnell added this to the 1.12.3 milestone Jan 23, 2023
@jasonodonnell jasonodonnell merged commit 3412bb2 into release/1.12.x Jan 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants