Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2072

Clarify behavior for conflicting TLS URI options

    • Type: Icon: Spec Change Spec Change
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Component/s: URI Options
    • None
    • Needed

      Currently the spec is somewhat unclear as to what drivers should do when parsing conflicting TLS options when the driver does not implement one or more of the conflicting options. 

      The spec currently defines combinations of TLS options that should result in an error here

      Option 1: Drivers should throw an error upon encountering a URI with conflicting TLS options if and only if the driver supports all the TLS options in the URI.

      This is somewhat implied by the current test plan: "Note that there are tests for each of the options marked as optional; drivers will need to implement logic to skip over the optional tests that they don’t implement."

      Option 2: Drivers should throw an error upon encountering a URI with conflicting TLS options, regardless of whether or not the driver supports all the TLS options in the URI.
       
      Quoting sam.rossi: "Given that the goal of these requirements is to avoid users accidentally configuring a client to be in a state where the TLS constraints are different than they'd expect, it seems like it's worth failing loudly even if tlsAllowInvalidCertificates is not supported by the driver, as it would still signify that the user would likely be surprised by the actual behavior that the driver would proceed with if it didn't error."

      cc: divjot.arora

            Assignee:
            Unassigned Unassigned
            Reporter:
            vincent.kam@mongodb.com Vincent Kam (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: