in core/src/main/java/com/google/cloud/sql/core/InstanceCheckingTrustManger.java [141:163]
private void checkSan(String dns, X509Certificate[] chain) throws CertificateException {
if (Strings.isNullOrEmpty(dns)) {
throw new CertificateException(
"Instance metadata for " + instanceMetadata.getInstanceName() + " has an empty dnsName");
}
List<String> sans = getSans(chain[0]);
for (String san : sans) {
if (san.equalsIgnoreCase(dns)) {
return;
}
}
try {
checkCn(chain);
} catch (CertificateException e) {
throw new CertificateException(
"Server certificate does not contain expected name '"
+ dns
+ "' for Cloud SQL instance "
+ instanceMetadata.getInstanceName());
}
}