Feat: Add HostNameInCertificate for strict encryption #589
+3,112
−1,135
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
Adds support for specifying the host name to validate in the server certificate when using strict encryption.
- Introduces
HostNameInCertificateinConnectSettingsand includes it in the connection string query parameters. - Enhances CLI parsing to accept
-Ns:<hostname>or-Nstrict:<hostname>and updates related tests. - Updates documentation and error messages to describe the new switch behavior.
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/sqlcmd/sqlcmd_test.go | Added a test case for strict encryption with hostname in certificate |
| pkg/sqlcmd/connect.go | Introduced HostNameInCertificate field and query-string addition |
| cmd/sqlcmd/sqlcmd_test.go | Extended CLI argument tests and encryption option tests |
| cmd/sqlcmd/sqlcmd.go | Updated flag parsing, regex for strict encryption, and help text |
| README.md | Documented the new strict-encryption hostname argument |
Comments suppressed due to low confidence (4)
cmd/sqlcmd/sqlcmd_test.go:112
- Add an assertion to verify that
args.HostNameInCertificateis correctly populated for the-Ns:myserver.domain.comcase to ensure full parsing coverage.
return args.EncryptConnection == "s:myserver.domain.com"
README.md:133
- Clarify the switch syntax by showing both shorthand and full forms, e.g.
-Ns:<hostname>or-Nstrict:<hostname>, to avoid confusion with the bracketed notation.
- To provide the value of the host name in the server certificate when using strict encryption, append the name after a `:` to the `-Ns[trict]`. Example: `-Ns:myhost.domain.com`
pkg/sqlcmd/connect.go:61
- [nitpick] Add a note that this field only applies when
Encryptis set tostrict, to clarify its intended usage.
// The HostNameInCertificate is the name to use for the host in the certificate validation
cmd/sqlcmd/sqlcmd_test.go:588
- [nitpick] Rename the test struct field
hostnameincertificatetohostnameInCertificatefor consistency with Go naming conventions and the production struct field.
hostnameincertificate string
|
Change of plans....next iteration, I will change |
added 2 commits
June 25, 2025 11:22
|
i will generate new localization files after merging the driver update change when it goes to main, just to avoid dealing with merge conflicts. |
stuartpa
approved these changes
Jun 28, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #504
Since ODBC sqlcmd uses
-Ffor the host name, we are going to follow suit and switch to--verticalas the parameter to turn on vertical output formatting.sqlcmd -S someserver -Nstrict -F *.mydomain.com