-
Type: Improvement
-
Resolution: Unresolved
-
Priority: Minor - P4
-
None
-
Affects Version/s: None
The mock server indicates it supports TLS connections (providing mock_server_set_ssl_opts), but only appears to fully support TLS with OpenSSL.
In particular, this limitation came up in CDRIVER-3559, which required writing a mock server test to test speculative authentication. We were unable to fully test speculative authentication because of this limitation.
There are a lot of other TLS tests using the mock server, but those tests are limited to OpenSSL or Secure Transport.
It also appears all tests using the ssl_test are not run on Secure Channel either (see test-mongoc-stream-tls.c and test-mongoc-stream-tls-error.c).
If we really cannot support TLS connections in the mock server outside of OpenSSL, at the very least we should at least make the mock server clearly fail at runtime if configuring with TLS and Secure Channel so we don't need to rediscover this later.