Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-1446

Always enable TLS when any TLS option is specified

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Minor - P4 Minor - P4
    • 1.7.0
    • Affects Version/s: None
    • Component/s: None
    • None

      The implementation of PHPC-1288 included a subtle change to how TLS-related driver options are applied the the mongoc_uri_t struct. Previously, those options set SSL opts directly on the libmongoc client after URI construction. Now, those options populate values for their corresponding TLS URI options on the mongoc_uri_t prior to client construction.

      This means that any TLS-related driver option will now implicitly enable TLS connections (per CDRIVER-2130), unless the tls (or ssl) URI option is explicitly disabled.

      We should determine whether it's worth implementing a workaround specifically so that the presence of a TLS-related driver option (regardless of value) does not enable TLS connections. This would preserve BC and the inconsistency.

      Alternatively, we can aim to make our driver options consistent with CDRIVER-2130. This would require some documentation and likely additional work to ensure that driver options with no URI option equivalent (e.g. "crl_file") also enable TLS.

      Note: the spec intentionally leaves this behavior up to drivers.

            Assignee:
            andreas.braun@mongodb.com Andreas Braun
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: