Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 1.4.0
Affects Version/s: None
Component/s: libmongoc, tls
Labels:
- intern2016

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

The mongo client has two options that deal with invalid/incorrect certificates:

  --sslAllowInvalidHostnames         allow connections to servers with 
                                     non-matching hostnames
  --sslAllowInvalidCertificates      allow connections to servers with invalid 
                                     certificates

But the C driver only has a flag in ssl_opts to turn off invalid certificate checking (weak_cert_validation): http://api.mongodb.org/c/current/mongoc_ssl_opt_t.html

PHP's SSL layer has something similar through its ``verify_peer_name`` and ``allow_self_signed`` SSL context options.

This currently means, that by using the CDRIVER in Hippo, I can't make all tests pass, as the peer name ("server") does not match the server name as in ~~CDRIVER-841~~. I can turn on ``allow_self_signed`` to allow connecting, but that's more than I should be having to do. Allowing an extra option specifically for peer verification would be required to allow Hippo to past the Phongo tests.

is related to

CDRIVER-1133 Add support for SSL verification options matching the server

Closed

CDRIVER-841 Improve SSL connection error messages

Closed

Assignee:: Hannes Magnusson (Inactive)
Reporter:: Derick Rethans
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Sep 15 2015 02:41:30 PM UTC
Updated:: Aug 10 2016 10:10:34 PM UTC
Resolved:: Jun 16 2016 03:12:23 AM UTC
Confidence Status Last Update:: 12/Apr/16 12:26 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates