3.1.0: The distinguished name (DN) on the server certificate does not match the expected value

[tvb]

1. What versions are you using?

AWS Lambda Python 3.11 with a lambda layer for the oracledb module (otherwise the Lambda function is too large and won't be able to upload):

platform.platform: Linux-5.10.235-247.919.amzn2.x86_64-x86_64-with-glibc2.26
--
sys.maxsize > 2**32: True
platform.python_version: 3.11.11
oracledb.__version__: 3.1.0

2. Is it an error or a hang or a crash?

Crash.

3. What error(s) or behavior you are seeing?

When trying to connect to an AWS RDS Oracle Database we see the following behaviour:

Actual DN from RDS:

commonName=production-oracle-xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com,organizationalUnitName=RDS,organizationName=Amazon.com,localityName=Seattle,stateOrProvinceName=Washington,countryName=US

Error from Lambda:

$DPY-6005: cannot connect to database (CONNECTION_ID=xpBd39yXJCX7bySrkAsebA==).\nDPY-6002: The distinguished name (DN) on the server certificate does not match the expected value: 'CN=production-oracle-xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com,OU=RDS,O=Amazon.com,L=Seattle,ST=Washington,C=US'

(xxxxx is obsecured for company reason)

4. Does your application call init_oracle_client()?

It is running in thin mode.

5. Include a runnable Python script that shows the problem.

That is complicated and frankly impossible.

[tvb]

Turns out that in our code

        if self.server_cert_dn:
            security = f"(SECURITY=(SSL_SERVER_CERT_DN='{self.server_cert_dn}'))"

the '' around {self.server_cert_dn} now breaks for some reason. This was not the case before. We're not sure what is changed and when, but removing the single quotes fixed it for us.

[cjbj]

@tvb were you previously using an older version of python-oracledb?