You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello! I'm developing a Vapor app using Planetscale (serverless MySQL) as my database. In running my application, I receive a NIOSSLExtraError.failedToValidateHostname: Couldn't find <none> in certificate from peer error.
I am using the default TLS configuration in connecting to the database, with my app's database configuration step being: app.databases.use(try .mysql(url: Environment.get("DATABASE_URL") ?? "mysql://username:password@127.0.0.1:3306/state-app-db"), as: .mysql).
After some investigating, I see that MySQLConnectionSource.makeConnection(logger:on:), in calling MySQLConnection.connect(to:username:database:password:tlsConfiguration:serverHostname:logger:on:) does not pass in the server host name from MySQLConnectionSource.configuration._hostname to the serverHostname parameter. As this happens, serverHostname defaults to nil, which becomes a problem when swift-nio-ssl attempts to validate any hostnames received as subject alternative names in TLS certificates. Essentially, leaving serverHostname as nil gives nothing for swift-nio-ssl to validate against during its hostname validation step, which seems to become a problem when needing to check against subject alternative names that are hostnames (DNS identifiers).
I've found that in just simply passing the host name from configuration to the connect call, like so,
public struct MySQLConnectionSource: ConnectionPoolSource {
public let configuration: MySQLConfiguration
...
public func makeConnection(logger: Logger, on eventLoop: EventLoop) -> EventLoopFuture<MySQLConnection> {
...
return MySQLConnection.connect(
...
serverHostname: self.configuration._hostname,
...
)
}
}
the issue seems to resolve and the connection works.
Would this fix be reasonable?
Thank you!
Vapor Toolbox version: 18.5.1
OS version: macOS 12.4
The text was updated successfully, but these errors were encountered:
Hello! I'm developing a Vapor app using Planetscale (serverless MySQL) as my database. In running my application, I receive a
NIOSSLExtraError.failedToValidateHostname: Couldn't find <none> in certificate from peer
error.I am using the default TLS configuration in connecting to the database, with my app's database configuration step being:
app.databases.use(try .mysql(url: Environment.get("DATABASE_URL") ?? "mysql://username:password@127.0.0.1:3306/state-app-db"), as: .mysql)
.After some investigating, I see that
MySQLConnectionSource.makeConnection(logger:on:)
, in callingMySQLConnection.connect(to:username:database:password:tlsConfiguration:serverHostname:logger:on:)
does not pass in the server host name fromMySQLConnectionSource.configuration._hostname
to theserverHostname
parameter. As this happens,serverHostname
defaults to nil, which becomes a problem whenswift-nio-ssl
attempts to validate any hostnames received as subject alternative names in TLS certificates. Essentially, leavingserverHostname
asnil
gives nothing forswift-nio-ssl
to validate against during its hostname validation step, which seems to become a problem when needing to check against subject alternative names that are hostnames (DNS identifiers).I've found that in just simply passing the host name from
configuration
to theconnect
call, like so,the issue seems to resolve and the connection works.
Would this fix be reasonable?
Thank you!
The text was updated successfully, but these errors were encountered: