Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-1180

Fix peer certificate verification errors for SSL clusters

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.6.0, 1.6.0alpha2
    • Labels:
      None

      Description

      Historically, the PHPC test suite has used self-signed certificates for its test servers and disabled peer certificate verification in its SSL tests. Since changes in PHPC-1113 will now allow the entire test suite to be run against an SSL cluster, we'll need to come up with a more robust solution.

      Additionally, newer OpenSSL versions no longer support the hash that our generated keys use, so they need to be regenerated as well. The error when mongod starts is:

      2018-09-06T12:35:08.739+0100 E NETWORK  [main] cannot read certificate file: /home/derick/dev/php/derickr-mongo-php-driver/scripts/ssl/server.pem error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
      2018-09-06T12:35:08.739+0100 F CONTROL  [main] Failed global initialization: InvalidSSLConfiguration: Can not set up PEM key file.
      

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: