-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Not Needed
-
Currently, the OCSP certificate verification code in the Go driver will return an error if the passed-in Context is cancelled or passes its deadline (see here). However, the OCSP spec describes that drivers should "soft fail" anytime the OCSP responders are unreachable for any reason. The current Go driver behavior violates that expectation by returning errors under specific circumstances.
Related to HELP-33323.
Definition of done:
- The Go driver never returns an error when attempting to contact the OCSP responders for certificate status.
- Write a test that asserts that the passed-in context is honored for timeout/cancellation but timeout/cancellation does not result in an error fetching certificate status.
- Fix is back-ported to the cloud-1.7.1 release branch.