-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Minor - P4
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
The implementation of PHPC-1288 included a subtle change to how TLS-related driver options are applied the the mongoc_uri_t struct. Previously, those options set SSL opts directly on the libmongoc client after URI construction. Now, those options populate values for their corresponding TLS URI options on the mongoc_uri_t prior to client construction.
This means that any TLS-related driver option will now implicitly enable TLS connections (per CDRIVER-2130), unless the tls (or ssl) URI option is explicitly disabled.
We should determine whether it's worth implementing a workaround specifically so that the presence of a TLS-related driver option (regardless of value) does not enable TLS connections. This would preserve BC and the inconsistency.
Alternatively, we can aim to make our driver options consistent with CDRIVER-2130. This would require some documentation and likely additional work to ensure that driver options with no URI option equivalent (e.g. "crl_file") also enable TLS.
Note: the spec intentionally leaves this behavior up to drivers.
- is related to
-
PHPC-1288 Implement Unified URI Options
-
- Closed
-
-
CDRIVER-2130 Any "ssl" config option in URI should turn on SSL/TLS
-
- Closed
-
- related to
-
-
- Closed
-
-
-
- Closed
-
-
PHPC-1450 Document rules by which TLS is implicitly enabled
-
- Closed
-
- links to