-
Type: Improvement
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
There are currently no end-to-end tests for our OCSP cache. While there is no clear guidance from the OCSP Support Test Plan on how to test it, there is clear guidance on the expected behavior of the cache. We should create end-to-end tests to ensure our cache works as expected. I propose that we test our cache by:
- Starting an invalid mock OCSP responder that revokes all certificates.
- Running a mongod with a cert that lists that responder as it's OCSP responder.
- Ensuring that the cert has been revoked.
- Shutting down the invalid mock OCSP responder and starting up a valid OCSP responder with the same address.
- Ensuring the cert is still revoked.
We should retrieve the OCSP response information from our cache during the last step and avoid querying the valid OCSP responder.
- is depended on by
-
CDRIVER-3408 OCSP Support
- Closed
- is related to
-
CDRIVER-3617 Caching OCSP revocation status
- Closed