-
Type: Bug
-
Resolution: Fixed
-
Priority: Minor - P4
-
Affects Version/s: None
-
Component/s: None
-
None
The implementation of PHPC-1288 included a subtle change to how TLS-related driver options are applied the the mongoc_uri_t struct. Previously, those options set SSL opts directly on the libmongoc client after URI construction. Now, those options populate values for their corresponding TLS URI options on the mongoc_uri_t prior to client construction.
This means that any TLS-related driver option will now implicitly enable TLS connections (per CDRIVER-2130), unless the tls (or ssl) URI option is explicitly disabled.
We should determine whether it's worth implementing a workaround specifically so that the presence of a TLS-related driver option (regardless of value) does not enable TLS connections. This would preserve BC and the inconsistency.
Alternatively, we can aim to make our driver options consistent with CDRIVER-2130. This would require some documentation and likely additional work to ensure that driver options with no URI option equivalent (e.g. "crl_file") also enable TLS.
Note: the spec intentionally leaves this behavior up to drivers.
- is related to
-
PHPC-1288 Implement Unified URI Options
- Closed
-
CDRIVER-2130 Any "ssl" config option in URI should turn on SSL/TLS
- Closed
- related to
-
CDRIVER-3369 mongoc_uri_get_tls case-sensitivity is inconsistent with other option functions
- Closed
-
CDRIVER-3428 Implicitly enable TLS for tlsInsecure and tlsCertificateKeyFilePassword URI opts
- Closed
-
PHPC-1450 Document rules by which TLS is implicitly enabled
- Closed
- links to