-
Type:
Improvement
-
Resolution: Won't Fix
-
Priority:
Minor - P4
-
Affects Version/s: None
-
Component/s: None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
The inline ifdefs are escalating a bit quicker then I anticipated, even though there is a stream abstraction.
In an effort to avoid crazyness we should introduce mongoc_ssl_config_t that contains the current mongoc_ssl_opts_t, and essentials such as crypto engine and tls library type, and probably a callback table (mongoc_ssl_implementation_t?) for some of the functions (like which subject_extract to call).
The config could also possibly contain the cached X.509 data having read them in once, so protect us from re-reading the file (possibly removed in between!).
Original suggestion from Jesse:
I propose we create an ssl_config_t, which includes the ssl_opts_t, plus a pointer to an ssl_implementation_t that's a higher-level SSL and crypto abstraction, plus any cached values parsed from files. The pool or the client has an ssl_config_t. So, mongoc_ssl_extra_subject (config, filename) gets the config-specific implementation and calls that.
- is related to
-
CDRIVER-1115 Read X.509 only once
-
- Closed
-