CSFLE tests failing with certificate validation errors

XMLWordPrintableJSON

    • None
    • None
    • None
    • None
    • None
    • None

      Many of the CSFLE tests currently fail and/or are flaky as a result of certificate validation errors. The problematic tests are:

      /client_side_encryption/datakey_and_double_encryption
      /client_side_encryption/corpus
      /client_side_encryption/custom_endpoint
      /client_side_encryption/kms_tls/wrong_host
      /client_side_encryption/kms_tls_options
      

      Some of the errors messages produced include:

      TLS handshake failed: Failed OCSP verification
      
      mongoc: OCSP response failed verification: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error
      
      [TLS handshake failed: Failed certificate verification] does not contain [IP address mismatch]
      

      They are currently being skipped, so to work on them, it will first be necessary to remove them from .evergreen/skip-tests.txt and run a patch build to determine the current failure mode(s).

              Assignee:
              Ezra Chung
              Reporter:
              Roberto Sanchez
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: