-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
This ticket depends on PYTHON-2040, which adds PyOpenSSL as an alternative TLS provider. Python's standard library ssl module provides no support for stapled OCSP responses, only parsing extensions for OCSP URIs. We're going to support OCSP, stapling and must-staple. OCSP support will be optional, enabled through the use of an "ocsp" extra. Feature support will also add dependencies on requests (to make OCSP requests) and cryptography (to create OCSP requests and verify OCSP responses, stapled or otherwise). Cryptography is already a dependency of PyOpenSSL, and our own pymongocrypt package.
- depends on
-
PYTHON-2040 Support PyOpenSSL
- Closed
- is depended on by
-
DRIVERS-704 OCSP Support
- Development Complete
-
PYTHON-2161 Add OCSP URI Option
- Closed
-
PYTHON-2132 Cache OCSP responses
- Closed
-
PYTHON-2144 Test OCSP support on macOS and Windows
- Closed
- is related to
-
PYTHON-2171 Test failure - test-ocsp-valid-cert-server-staples
- Closed
-
PYTHON-2147 OCSP callback should use the verified peer certificate chain to find the cert issuer
- Closed
-
PYTHON-2280 Investigate slow OCSP endpoint checks on Windows
- Closed