  1. C Driver
  2. CDRIVER-1157

Verify certificates during handshake

Details

    • Improvement
    • Resolution: Done
    • Major - P3
    • 1.4.0

    Description

      Our current TLS abstraction does certificate verification as a completely separate step after the TLS handshake.

      This is very risky business and resulted in CDRIVER-1154.

      The protocol says you should do the certificate (and therefore hostname!) check during the handshake.
      This has the added benefit that a failed check will result in a TLS alert, which mongod will log, rather than just a randomly closed connection.

          People

            bjori Hannes Magnusson