wrong-host.pem cert in drivers-evergreen-tools is missing subjectAltName field

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Component/s: None
    • None
    • Not Needed

      The wrong-host.pem cert in drivers-evergreen-tools is missing the subjectAltName field and leads to a warning from pyopenssl:

       [2023/02/23 20:38:07.893] test_01_aws (test.test_encryption.TestKmsTLSOptions) ... /System/Volumes/Data/data/mci/a1ed7438a8f2faff8afef48c72af9dd7/src/venv-encryption/lib/python3.9/site-packages/service_identity/pyopenssl.py:74: SubjectAltNameWarning: Certificate with CN 'wronghost.com' has no `subjectAltName`, falling back to check for a `commonName` for now.  This feature is being removed by major browsers and deprecated by RFC 2818.  service-identity will remove the support for it in mid-2018.
 [2023/02/23 20:38:07.893]   cert_patterns=extract_ids(connection.get_peer_certificate()),

      https://evergreen.mongodb.com/task/mongo_python_driver_test_macos_encryption__platform~macos_1100_auth~auth_ssl~nossl_encryption~encryption_crypt_shared_test_latest_sharded_cluster_32faa261b68a2fd33c16b1ab88f97bb73b58e85d_23_02_23_19_09_11

      We should regenerate this cert with the correct subjectAltName field.

            Assignee:
            Unassigned
            Reporter:
            Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: