- Type: Improvement
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
The mongo client has two options that deal with invalid/incorrect certificates:
- ``--sslAllowInvalidHostnames``: allow connections to servers with non-matching hostnames
- ``--sslAllowInvalidCertificates``: allow connections to servers with invalid certificates
But the C driver only has a flag in ssl_opts to turn off invalid certificate checking (weak_cert_validation): http://api.mongodb.org/c/current/mongoc_ssl_opt_t.html
PHP's SSL layer has something similar through its ``verify_peer_name`` and ``allow_self_signed`` SSL context options.
This currently means that by using the CDRIVER in Hippo, I can't make all tests pass, as the peer name ("server") does not match the server name as in CDRIVER-841. I can turn on ``allow_self_signed`` to allow connecting, but that's more than I should be having to do. Allowing an extra option specifically for peer verification would be required to allow Hippo to pass the Phongo tests.
- is related to
  - CDRIVER-1133 Add support for SSL verification options matching the server (Closed)
  - CDRIVER-841 Improve SSL connection error messages (Closed)