Cannot connect to Google Cloud SQL using SSL + Golang from Google App Engine

3
votes

Google says you can connect to Google Cloud SQL using Golang and the go-sql-driver like so:

import "database/sql"
import _ "github.com/go-sql-driver/mysql"

db, err := sql.Open("mysql", "user@cloudsql(project-id:instance-name)/dbname")

ref: https://cloud.google.com/appengine/docs/go/cloud-sql/reference

... However, this (for me) generates a x509 certificate error:

x509: certificate is valid for projectName:instanceName, not projectName

I cannot figure out how to solve this. Adding the instance name again (even though it's already there) in the connection string does not help, nor is correct according to Google's own docs.

Has anyone managed to make this work? What is wrong?

1
mysqlgoogle-app-enginegogoogle-cloud-sql
I'm hoping you can share more info about your setup. Are you running on App Engine? Are you running first/second generation? - Kevin Malachowski
Thanks for the response... solved in the question below. :) - Ben Guild
By the way, this was for first generation, but I'm running into this error trying to make it work on second generation: TLS requested but server does not support TLS - Ben Guild

1 Answers

4
votes

Are you connecting with SSL? This error message indicates that must set the ServerName property when you register your custom TLSConfig with the mysql driver, in addition to specifying the project-id:instance-name inside sql.Open().

e.g. Use the TLS setup from the docs, but add a ServerName in your call to RegisterTLSConfig:

mysql.RegisterTLSConfig("custom", &tls.Config{
            RootCAs:      rootCertPool,
            Certificates: clientCert,
            ServerName:   "projectName:instanceName",
        })

Then append ?tls=nameOfYourCustomTLSConfig

db, err := sql.Open("mysql", "user@cloudsql(project-id:instance-name)/dbname?tls=custom")