Cannot connect to AWS RDS with new CA certs using VerifyFull #1467
Comments
Does the problem only happen when using the "ECC384" certs, not "RSA2048", or is that irrelevant to this issue? Are you requesting that MySqlConnector set If so, I can't decide if that should be:
It happens with both the ecc384 and rsa2048 CAs. After more testing, the behavior seems to only apply when you add the RDS CA certs to the global trust store (on linux
Correct: Or are you saying that when that happens,
when the RDS CA certs are added to the global trust store
Software versions
MySqlConnector version: 2.3.6
Server type (MySQL, MariaDB, Aurora, etc.) and version: MariaDB 10.6.17
.NET version: .net6
(Optional) ORM NuGet packages and versions:
Describe the bug
I tried to update your RDS instance from the old rds-ca-2019 CA to the new rds-ca-ecc384-g1 CA.
Unfortunately it did not work; it gives the exception: The remote certificate was rejected by the provided RemoteCertificateValidationCallback
Exception
Expected behavior
I expect that the certificate presented by AWS is validated by the CA bundle provided by AWS and the remote name matches.
Additional context
RDS bundle https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem
I performed some debugging using my own RemoteCertificateValidationCallback and the current error seems to be because of X509RevocationMode.Online
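A diagnostic callback for the situation described in this report, as an added example that is not code from the issue or from MySqlConnector: it rebuilds the server's chain against the RDS bundle alone under both X509RevocationMode.Online and X509RevocationMode.NoCheck, so the log shows whether the revocation lookup is the only thing failing. The bundle path and the class and method names are assumptions, and wiring the method into the connection is left out.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class RdsChainDiagnostics
{
    // Placeholder path: wherever global-bundle.pem was saved (assumption).
    const string BundlePath = "/path/to/global-bundle.pem";

    // Statuses meaning "revocation could not be determined", not "revoked" or "untrusted".
    const X509ChainStatusFlags RevocationUndetermined =
        X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation;

    // Rebuilds the chain trusting only the bundle's certificates, with the given revocation mode.
    static X509ChainStatusFlags Build(X509Certificate2 leaf, X509Chain? presented, X509RevocationMode mode)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.ImportFromPemFile(BundlePath);
        chain.ChainPolicy.RevocationMode = mode;
        // Reuse any intermediates the server sent during the handshake.
        if (presented is not null)
            foreach (var element in presented.ChainElements)
                chain.ChainPolicy.ExtraStore.Add(element.Certificate);
        chain.Build(leaf);
        return chain.ChainStatus.Aggregate(X509ChainStatusFlags.NoError, (all, s) => all | s.Status);
    }

    // Same signature as System.Net.Security.RemoteCertificateValidationCallback.
    public static bool Validate(object sender, X509Certificate? cert, X509Chain? chain, SslPolicyErrors errors)
    {
        if (cert is null) return false;
        using var leaf = new X509Certificate2(cert);
        var online = Build(leaf, chain, X509RevocationMode.Online);
        var noCheck = Build(leaf, chain, X509RevocationMode.NoCheck);
        bool nameOk = (errors & SslPolicyErrors.RemoteCertificateNameMismatch) == 0;

        Console.Error.WriteLine($"name match: {nameOk}; Online: {online}; NoCheck: {noCheck}");
        if (noCheck == X509ChainStatusFlags.NoError && online != X509ChainStatusFlags.NoError
            && (online & ~RevocationUndetermined) == 0)
            Console.Error.WriteLine("Chain is trusted by the bundle; only the revocation lookup failed.");

        // Stay strict: accept only a matching name and a clean chain under Online revocation checking.
        return nameOk && online == X509ChainStatusFlags.NoError;
    }
}
```

The callback's return value keeps revocation checking enforced; the NoCheck build exists only to separate a trust failure from an unreachable or missing revocation endpoint in the log output.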