-
Type:
New Feature
-
Resolution: Done
-
Priority:
Major - P3
-
Affects Version/s: 1.4.0
-
Component/s: None
The server will be making providing an explicit CA optional, and default on the system provided (OpenSSL) defaults.
We do the same as of CDRIVER-1142, but OpenSSL doesn't ship with default certificates and it appears rare that people explicitly fetch the Mozilla bundle or other bundles.
We can, and should, trust the Windows cert store for this.
When no explicit CA option is provided (mongoc_ssl_opt_t.ca_file and .ca_dir) we should extract the CAs from the Windows cert store and load them into OpenSSL.
—
Even though we'll support Windows native Secure Channel, I think we should still do this for those resisting and continue to use OpenSSL on Windows.
- depends on
-
CDRIVER-1142 Load default distribution CAs if no ca_file and ca_dir are provided
-
- Closed
-
- is related to
-
-
- Closed
-
-
DRIVERS-302 Test connections to Mango
-
- Closed
-
- related to
-
-
- Closed
-