Details
-
Improvement
-
Resolution: Won't Do
-
Major - P3
-
None
-
None
-
None
-
None
Description
Description of Drivers Ticket:
The certificates in drivers-evergreen-tools currently have two OCSP endpoints defined, with the mock responder listening on the port defined in endpoint #2 in order to test whether a driver's TLS library will utilize all endpoints defined in a certificate to determine its revocation status.
john.stewart and I determined that Java hard-fails when it is unable to reach out to an OCSP endpoint, even if there is another valid endpoint available. Thus in order for Java (and drivers whose TLS library exhibits similar behavior), we must create a series of certificates with only a single OCSP endpoint defined.
See DRIVERS-1216 for updated details.