Unable to use skip-verify or equivalent when custom SSL is used #348

Closed
evancarter-iex opened this issue Nov 19, 2018 · 4 comments · Fixed by #417

@evancarter-iex

Host operating system: output of uname -a

CentOS 7.3

mysqld_exporter version: output of mysqld_exporter --version

INFO[0000] Starting mysqld_exporter (version=0.11.0, branch=HEAD, revision=5d7179615695a61ecc3b5bf90a2a7c76a9592cdd)  source="mysqld_exporter.go:206"

MySQL server version

5.7

mysqld_exporter command line flags

/usr/local/bin/mysqld_exporter --config.my-cnf=$HOME/.my.cnf

What did you do that produced an error?

Using a custom SSL configuration, if the SSL cert is invalid, there is no way to ignore "skip-verify". This is important because some cloud providers' SSL certs for MySQL connections do not include IPs in them.

What did you expect to see?

An ability to connect using a custom cert and use "skip-verify" as documented here: https://golang.org/src/crypto/tls/common.go?s=12984:21448#L334.
Also, according to the MySQL documentation, it doesn't normally check SSL certs when connecting unless specified to: https://dev.mysql.com/doc/refman/5.7/en/encrypted-connection-options.html#option_general_ssl-mode

What did you see instead?

An error saying

Error pinging mysqld: x509: cannot validate certificate for X.X.X.X because it doesn't contain any IP SANs" source="exporter.go:119

@evancarter-iex
Author

@SuperQ is this something that is feasible to get done?

@SuperQ
Member

SuperQ commented Feb 6, 2019

If you have a custom cert, you can pass the cert info via the my.cnf options. See the README.

Supporting the ssl-mode flag is possible, but I don't have time to implement this.

@evancarter-iex
Author

Yeah, we passed the custom cert via the my.cnf. It's just that it defaults to verify all, and can't override that.

@janevert

janevert commented Feb 9, 2021

@SuperQ, any idea when this issue would be in a release? The 0.12.1 release does not include this change.

Thanks.
