Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-2578

KMS requests should use ssl.CERT_REQUIRED instead of None for clarity

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.12, 4.0
    • Affects Version/s: None
    • Component/s: Encryption
    • None

      In PyMongo cert_reqs=None and cert_reqs=ssl.CERT_REQUIRED are identical. When doing KMS lookups for CSFLE we create a SSLContext which performs cert verification, hostname verification and enables SNI. Using cert_reqs=None is secure but it is a little confusing.

      We should instead use cert_reqs=ssl.CERT_REQUIRED for clarity.

            Assignee:
            shane.harvey@mongodb.com Shane Harvey
            Reporter:
            shane.harvey@mongodb.com Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: