Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1182

Load Windows trusted CA by default when no CA configured

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major - P3
    • Resolution: Done
    • 1.4.0
    • 1.4.0
    • None

    Description

      The server will be making providing an explicit CA optional, and default on the system provided (OpenSSL) defaults.

      We do the same as of CDRIVER-1142, but OpenSSL doesn't ship with default certificates and it appears rare that people explicitly fetch the Mozilla bundle or other bundles.

      We can, and should, trust the Windows cert store for this.

      When no explicit CA option is provided (mongoc_ssl_opt_t.ca_file and .ca_dir) we should extract the CAs from the Windows cert store and load them into OpenSSL.

      Even though we'll support Windows native Secure Channel, I think we should still do this for those resisting and continue to use OpenSSL on Windows.

      Attachments

        Issue Links

          Activity

            People

              bjori Hannes Magnusson
              bjori Hannes Magnusson
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: