Wildcard domains in SAN are not matching · Issue #462 · oracle/python-oracledb (original) (raw)

Our connections started giving an error for the certificate to hostname mismatch after updating to version 3.0.0. It seems that the new version doesn't allow matching wildcards in the Subject Alternative Names.

This code is probably the cause and seems to be matching with exact values only: https://github.com/oracle/python-oracledb/blob/main/src/oracledb/impl/thin/crypto.pyx#L67-L72

However, Oracle Cloud's ADBs present a wildcard certificate that was verified and accepted with previous versions of python-oracledb.

Our ADB instance has address in the form <instaceid>.adb.eu-amsterdam-1.oraclecloud.com and the certificate has SANs: adb.eu-amsterdam-1.oraclecloud.com, *.adb.eu-amsterdam-1.oraclecloud.com, *.adb.eu-amsterdam-1.oraclevcn.com

1. What versions are you using?

3.0.0

Database is the Oracle Autonomous Database (ADB) in Oracle Cloud

1. Is it an error or a hang or a crash?

Error

1. What error(s) or behavior you are seeing?

DPY-6006: The name on the server certificate does not match the expected value: "<id>.adb.eu-amsterdam-1.oraclecloud.com

1. Does your application call init_oracle_client()?

I'm not sure.

1. Include a runnable Python script that shows the problem.

N/A