We have a CNAME set in Route53 for our RDS cluster. When using that CNAME as host for MySQL connection we are getting ERR_TLS_CERT_ALTNAME_INVALID error (Hostname/IP does not match certificate's altnames).

SSL option in configuration is set to ssl: 'Amazon RDS'.

This is because the certificate from RDS doesn't have the CNAME listed as altname and AFAIK there is no way to do that in RDS.

This was working fine in mysql2 3.5.0 and broke in 3.5.1 with #2119 and the switch to Tls.connect.