Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-2983

Add URI option to disable certificate revocation checking

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None

    Description

      The new default for certificate revocation checking is true, per the new OCSP spec, and this may break user applications if their certificates fail revocation checking: this happened to our tests because x509gen certs in drivers-evergreen-tools fail revocation checking. Currently, certificate revocation checking can only be specified with code: thus any application upgrading to a version of the driver that enables this option by default and whose servers ' certificates fail revocation checking would need to disable certificate revocation checking in every single MongoClient in their application: a tedious process especially since MongoClients in our driver are lightweight. Adding a URI option would make it easier for affected applications to upgrade as they could simply update their connection string.
       
      If we decide to do to this, we should also create a spec ticket 

      Attachments

        Activity

          People

            vincent.kam@mongodb.com Vincent Kam (Inactive)
            vincent.kam@mongodb.com Vincent Kam (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: