  1. C Driver
  2. CDRIVER-1182

Load Windows trusted CA by default when no CA configured

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.4.0
    • Component/s: None
    • Labels:
    • Sprint:
      C Driver 2016 sprint 6

      Description

      The server will make providing an explicit CA optional, and default to the system-provided (OpenSSL) defaults.

      We do the same as of CDRIVER-1142, but OpenSSL doesn't ship with default certificates and it appears rare that people explicitly fetch the Mozilla bundle or other bundles.

      We can, and should, trust the Windows cert store for this.

      When no explicit CA option is provided (mongoc_ssl_opt_t.ca_file and .ca_dir) we should extract the CAs from the Windows cert store and load them into OpenSSL.

      Even though we'll support Windows native Secure Channel, I think we should still do this for those resisting and continuing to use OpenSSL on Windows.
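
The fallback described above, sketched in Python with the standard `ssl` module (which wraps OpenSSL) as an added example; it is not the C driver's code. The `ca_file`/`ca_dir` parameters stand in for the `mongoc_ssl_opt_t` fields, and the function names, the `ROOT`/`CA` store choice, the server-auth purpose filter and the sample entries are assumptions made for illustration.

```python
import ssl

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth EKU OID

# Constructed sample in the shape ssl.enum_certificates() returns on Windows:
# (der_bytes, encoding, trust), trust being True or a set of allowed EKU OIDs.
SAMPLE = [
    (b"root-a", "x509_asn", True),
    (b"bundle", "pkcs_7_asn", True),                    # not a single cert
    (b"root-b", "x509_asn", {"1.3.6.1.5.5.7.3.2"}),     # clientAuth only
    (b"root-c", "x509_asn", {SERVER_AUTH}),
]

def needs_system_store(ca_file=None, ca_dir=None):
    """True when neither explicit CA option was configured."""
    return not ca_file and not ca_dir

def select_trust_anchors(entries, purpose=SERVER_AUTH):
    """Keep single DER certs the store trusts for the given purpose."""
    return [der for der, enc, trust in entries
            if enc == "x509_asn" and (trust is True or purpose in trust)]

def build_context(ca_file=None, ca_dir=None, enum=None):
    """Return (SSLContext, number of store certs loaded)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verification stays on
    if not needs_system_store(ca_file, ca_dir):
        ctx.load_verify_locations(cafile=ca_file, capath=ca_dir)
        return ctx, 0
    enum = enum or getattr(ssl, "enum_certificates", None)
    if enum is None:                    # not Windows: OpenSSL's own defaults
        ctx.set_default_verify_paths()
        return ctx, 0
    loaded = 0
    for store in ("ROOT", "CA"):        # assumed choice of system stores
        for der in select_trust_anchors(enum(store)):
            try:
                ctx.load_verify_locations(cadata=der)
                loaded += 1
            except ssl.SSLError:        # skip entries OpenSSL cannot parse
                continue
    return ctx, loaded

if __name__ == "__main__":
    print(select_trust_anchors(SAMPLE))
    print(build_context()[1], "certificates loaded from the system store")
```

Filtering on the store's trust flags keeps certificates that Windows restricts to other purposes from becoming TLS server trust anchors in the OpenSSL context.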