Hi folks,
My company is using a self-hosted instance of Retool in a GCP Compute Engine VM. We have the VM on a private network with a GCP SQL instance that we are using as Retool's external database.
This was working fine until we turned on SSL/TLS for the GCP SQL instance. AFAIK I have everything correctly configured for connecting, including with the correct certs mounted to the Docker containers for them to access. I am able to reach the GCP SQL instance with `psql` from within the VM.
When Retool tries to connect to the GCP SQL instance, however, the following error is thrown: Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames.
After a lot of digging, my suspicion is this is because GCP expects the `sslmode` to be set to `verify-ca` and does not include proper DNS hostnames in the certificates it issues. Under the hood, I reckon that Retool (somehow) defaults or is hard-coded to `sslmode=verify-full` when SSL is turned on. I believe this because in my testing, if I try to configure `psql` to use `sslmode=verify-full` when connecting from the VM command line, I get the same error.
Has anyone else seen anything like this? Thanks all.
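The error text quoted in the post is the message Node.js's `tls.checkServerIdentity` returns when the host a client dialled is not among the certificate's names. The following is an added example, not part of the original post and not Retool's code: it reproduces that check offline and shows a name-pinning callback that keeps chain validation on. The certificate fields, the names `example-project:example-instance` and `example-instance.sql.example.internal`, and the helpers `verifyFull`, `pinnedIdentityCheck` and `tlsOptions` are constructed for illustration.

```javascript
// Added example: sample certificate fields below are constructed, not from a real instance.
const tls = require('node:tls');

// Same shape as the object returned by tls.TLSSocket#getPeerCertificate().
const constructedCert = {
  subject: { CN: 'example-project:example-instance' },
  subjectaltname: 'DNS:example-instance.sql.example.internal',
};

// verify-full analogue: Node compares the host it dialled with the cert's names.
function verifyFull(dialledHost, cert) {
  const err = tls.checkServerIdentity(dialledHost, cert);
  return err ? { ok: false, code: err.code, message: err.message } : { ok: true };
}

// Stricter alternative to skipping the name check: compare the certificate
// against a name the operator pins, whatever host the client actually dialled.
function pinnedIdentityCheck(expectedName) {
  return (_dialledHost, cert) => tls.checkServerIdentity(expectedName, cert);
}

// Hypothetical helper building options for tls.connect(). Chain validation
// stays on (rejectUnauthorized); only the name comparison is redirected.
function tlsOptions(caPem, expectedName) {
  return {
    ca: caPem,
    rejectUnauthorized: true,
    checkServerIdentity: pinnedIdentityCheck(expectedName),
  };
}

// Dialling "localhost" fails the default name check with the error from the post.
const viaLocalhost = verifyFull('localhost', constructedCert);
console.log(viaLocalhost.code, '-', viaLocalhost.message);

// With the pin, the same certificate is accepted and any other certificate is rejected.
const opts = tlsOptions('<server-ca.pem contents>', 'example-instance.sql.example.internal');
console.log(opts.checkServerIdentity('localhost', constructedCert)); // undefined: names match the pin
```

A callback that returns `undefined` unconditionally would behave like `verify-ca`; pinning the expected name keeps a name check in place even when the dialled host is an IP or a local proxy address.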