Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check that the server certificate CN matches the instance name #1995

Closed
hessjcg opened this issue May 22, 2024 · 0 comments · Fixed by #2017
Closed

Check that the server certificate CN matches the instance name #1995

hessjcg opened this issue May 22, 2024 · 0 comments · Fixed by #2017
Assignees
@hessjcg
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@hessjcg
Copy link
Collaborator

hessjcg commented May 22, 2024
edited
Loading

Feature Description

During the TLS authentication, the server certificate CN field should match the instance name. Add a custom TrustManager that will check the CN field and reject it if the name does not match the instance name.
@hessjcg hessjcg added priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels May 22, 2024
@hessjcg hessjcg self-assigned this May 22, 2024
hessjcg added a commit that referenced this issue May 22, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995

Verified

This commit was signed with the committer’s verified signature.
jviau Jacob Viau
GPG key ID: 8D282F9CF88AA887
Verified
Learn about vigilant mode
Loading
Loading status checks…
3b6fe2c
@hessjcg hessjcg mentioned this issue May 23, 2024
Open
hessjcg added a commit that referenced this issue May 24, 2024
@hessjcg
chore: Manage test certificates as files with an OpenSSL script. Part…

Verified

This commit was signed with the committer’s verified signature.
jviau Jacob Viau
GPG key ID: 8D282F9CF88AA887
Verified
Learn about vigilant mode
807e772 
… of #1995
hessjcg added a commit that referenced this issue May 24, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
7939888
hessjcg added a commit that referenced this issue May 24, 2024
@hessjcg
chore: Manage test certificates as files with an OpenSSL script. Part…
55a1c5e 
… of #1995
hessjcg added a commit that referenced this issue May 28, 2024
@hessjcg
chore: Manage test certificates as files with an OpenSSL script. Part…
a3d29c9 
… of #1995
hessjcg added a commit that referenced this issue May 28, 2024
@hessjcg
chore: Manage test certificates as files with an OpenSSL script. Part…
d00aaf6 
… of #1995
hessjcg added a commit that referenced this issue May 28, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
91bd50e
hessjcg added a commit that referenced this issue May 28, 2024
@hessjcg
chore: Manage test certificates as files with an OpenSSL script. Part…
95db960 
… of #1995
hessjcg added a commit that referenced this issue May 28, 2024
@hessjcg
chore: Generate test certificates in java code. Part of #1995.
302171f
hessjcg added a commit that referenced this issue May 28, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
3e90ff4
hessjcg added a commit that referenced this issue May 29, 2024
@hessjcg
test: Script creation of TLS keys and certificates used in tests. (#2002
966a45d 
)

Update our tests so that the keys and certificates are generated at test time. This will make TLS tests more flexible
and easier to update.

Part of #1995
hessjcg added a commit that referenced this issue May 29, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
13b73d3
hessjcg added a commit that referenced this issue May 29, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
d7a93ac
hessjcg added a commit that referenced this issue May 29, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
ae7988b
hessjcg added a commit that referenced this issue May 29, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
dbc9bad
hessjcg added a commit that referenced this issue Jun 3, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
adf3cf7
hessjcg added a commit that referenced this issue Jun 3, 2024
@hessjcg
feat: Configure java connector to check CN instance name. Fixes #1995
e2e6e89
@hessjcg hessjcg closed this as completed in 9346117 Jun 3, 2024
@release-please release-please bot mentioned this issue Jun 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hessjcg hessjcg

Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(main): release 1.19.0 GoogleCloudPlatform/cloud-sql-jdbc-socket-factory
1 participant
@hessjcg