-
Type:
New Feature
-
Resolution: Done
-
Priority:
Major - P3
-
None
-
Component/s: None
Like SERVER-10330, but for all drivers that support SSL. Drivers should by default refuse to connect to servers that present expired certificates, certificates that are not-yet-valid, certificates that do not match the host name that the client tried to connect to, certificates with bad signatures and revoked certificates, at least.
This behavior should be configurable by client code, in case the client intentionally wishes to ignore that the server's certificate is bad.
- depends on
-
-
- Closed
-
-
PYTHON-1072 Test validation of peer cert notBefore and notAfter fields
-
- Closed
-
-
PYTHON-1073 Support CRL files
-
- Closed
-
- is related to
-
-
- Closed
-
- related to
-
-
- Closed
-
-
-
- Closed
-