-
Type: Improvement
-
Resolution: Done
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
The new default for certificate revocation checking is true, per the new OCSP spec, and this may break user applications if their certificates fail revocation checking: this happened to our tests because x509gen certs in drivers-evergreen-tools fail revocation checking. Currently, certificate revocation checking can only be specified with code: thus any application upgrading to a version of the driver that enables this option by default and whose servers ' certificates fail revocation checking would need to disable certificate revocation checking in every single MongoClient in their application: a tedious process especially since MongoClients in our driver are lightweight. Adding a URI option would make it easier for affected applications to upgrade as they could simply update their connection string.
If we decide to do to this, we should also create a spec ticket