> On 18 April 2019 11:34 TG Servers via dovecot <dovecot@dovecot.org> wrote: > > > Hi, > > when using ssl_verify_server_cert in mysql connection string, is the cert > verified also against SAN (DNS and IP)? > Because this doesn't seem to work. I get a certification verification error > in handshake when connecting via IP. > But the cert is good as the connection via IP (and IP in the SAN of the > cert) works from other applications verifying. > > Thanks. >
Dovecot does consider SAN names too, but for MySQL driver, we use MYSQL_OPT_SSL_VERIFY_SERVER_CERT setting. Then you need to use ssl_ca or ssl_ca_path in the mysql driver config file to point to acceptable CAs. Aki
