Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1182

Load Windows trusted CA by default when no CA configured

    • Type: Icon: New Feature New Feature
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.4.0
    • Affects Version/s: 1.4.0
    • Component/s: None

      The server will be making providing an explicit CA optional, and default on the system provided (OpenSSL) defaults.

      We do the same as of CDRIVER-1142, but OpenSSL doesn't ship with default certificates and it appears rare that people explicitly fetch the Mozilla bundle or other bundles.

      We can, and should, trust the Windows cert store for this.

      When no explicit CA option is provided (mongoc_ssl_opt_t.ca_file and .ca_dir) we should extract the CAs from the Windows cert store and load them into OpenSSL.

      Even though we'll support Windows native Secure Channel, I think we should still do this for those resisting and continue to use OpenSSL on Windows.

            bjori Hannes Magnusson
            bjori Hannes Magnusson
            0 Vote for this issue
            3 Start watching this issue