Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2559

wrong-host.pem cert in drivers-evergreen-tools is missing subjectAltName field

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Unknown Unknown
    • None
    • None
    • None
    • Not Needed

    Description

      The wrong-host.pem cert in drivers-evergreen-tools is missing the subjectAltName field and leads to a warning from pyopenssl:

       [2023/02/23 20:38:07.893] test_01_aws (test.test_encryption.TestKmsTLSOptions) ... /System/Volumes/Data/data/mci/a1ed7438a8f2faff8afef48c72af9dd7/src/venv-encryption/lib/python3.9/site-packages/service_identity/pyopenssl.py:74: SubjectAltNameWarning: Certificate with CN 'wronghost.com' has no `subjectAltName`, falling back to check for a `commonName` for now.  This feature is being removed by major browsers and deprecated by RFC 2818.  service-identity will remove the support for it in mid-2018.
       [2023/02/23 20:38:07.893]   cert_patterns=extract_ids(connection.get_peer_certificate()),
      

      https://evergreen.mongodb.com/task/mongo_python_driver_test_macos_encryption__platform~macos_1100_auth~auth_ssl~nossl_encryption~encryption_crypt_shared_test_latest_sharded_cluster_32faa261b68a2fd33c16b1ab88f97bb73b58e85d_23_02_23_19_09_11

      We should regenerate this cert with the correct subjectAltName field.

      Attachments

        Activity

          People

            Unassigned Unassigned
            shane.harvey@mongodb.com Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: