Terraform Version
Terraform v1.6.1
on darwin_amd64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.21.0
Affected Resource(s)
It's a transport issue inside the provider itself.
Terraform Configuration Files
We're managing PostgreSQL instances that are inside a private subnet of our VPC - to establish a connection to them we use SSH tunneling. On provider version 1.19 it was working fine with:
After upgrading to 1.21 we started getting (with the above configuration):
│ Error: Error connecting to PostgreSQL server localhost (scheme: postgres): x509: certificate is valid for XXX.XXX.us-east-1.rds.amazonaws.com, XXX.XXX.us-east-1.rds.amazonaws.com, XXX.XXX.us-east-1.rds.amazonaws.com, XXX.XXX.us-east-1.rds.amazonaws.com, not localhost
Our current workaround (TBH we will stick with the IP address instead of the domain name, so from our perspective that's not a workaround) - we changed the domain alias to a direct IP address, so our current configuration looks like:
This workaround was inspired by: https://github.com/lib/pq/pull/1088/files#diff-22787c14a71947ab97f63d989464974b815e5b70a4cd27699215ea448a493f29R58-R60
Expected Behavior
When sslmode is set to verify-ca, the provider should not complain about a domain mismatch (or at least provide a way to set sslsni in the pq library, if from an RFC perspective complaining about the mismatch is the desired outcome).
Actual Behavior
When tunneling access to the database through SSH, the provider complains about a domain mismatch, even if sslmode is set to verify-ca.
Steps to Reproduce
1. Use provider 1.21 (it should also be reproducible on 1.20).
2. Tunnel access to the DB via SSH.
3. Use a domain (instead of an IP address) in the provider configuration.
4. AFAIK you need to have at least one resource declared using this provider.
5. Observe the provider complaining about a domain mismatch.
References
pq library: feat: Bump lib/pq from 1.10.4 to 1.10.7 #295
pq library: Set SNI for TSL connections lib/pq#1088