- Type: Improvement
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- None
- Minor Change
In previous releases of PyMongo, if the user passed ssl=True as a keyword argument (or "ssl=true" in the URI) with no other ssl options, we set up an SSLContext without certificate verification.
This feature changes the driver's behavior to assume the user wants certificate verification with hostname matching, if at all possible. If ssl=True is passed with no other ssl options we will do the following:
- Create an SSLContext object as usual (our fake SSLContext if the Python ssl module doesn't provide one).
- If SSLContext.load_default_certs is available, call it to load system CA certificates (only CPython >=2.7.9, CPython >=3.4.0, and PyPy >= 2.5.1 provide load_default_certs).
- If not, but SSLContext.set_default_verify_paths is available and we aren't on Windows, call it to load system CA certificates (set_default_verify_paths is OpenSSL specific and doesn't do anything useful on Windows).
- Otherwise raise ConfigurationError with a message telling the user to provide a value for `ssl_ca_certs` or pass ssl.CERT_NONE for `ssl_cert_reqs`.
Note - just because load_default_certs / set_default_verify_paths is available doesn't guarantee that it will be able to load any CA certificates, or that any loaded CA certificates can be used to verify the server's certificate. Users of "self-signed" certs or certs signed by a less well-known or trusted CA may still have to use the ssl_ca_certs option.
To be clear, this means ssl_cert_reqs will be ssl.CERT_REQUIRED, unless the user tells us otherwise. The objective is to automatically do the most secure thing possible.
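The fallback order described above, as an added sketch that is not PyMongo's own code. The function name `load_system_cas`, its `platform` parameter, and the local `ConfigurationError` stand-in are assumptions made for illustration.

```python
import ssl
import sys


class ConfigurationError(Exception):
    """Local stand-in for the driver's ConfigurationError (assumption)."""


def load_system_cas(ctx, platform=sys.platform):
    """Configure ctx for verification and load system CAs.

    Returns the name of the method that was used, following the order
    in the description: load_default_certs, then set_default_verify_paths
    (not on Windows), otherwise ConfigurationError.
    """
    # Verification is required unless the user says otherwise.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Hostname matching, where the context supports it.
    if hasattr(ctx, "check_hostname"):
        ctx.check_hostname = True

    if hasattr(ctx, "load_default_certs"):
        ctx.load_default_certs()
        return "load_default_certs"
    # OpenSSL-specific and not useful on Windows, so skip it there.
    if hasattr(ctx, "set_default_verify_paths") and platform != "win32":
        ctx.set_default_verify_paths()
        return "set_default_verify_paths"
    raise ConfigurationError(
        "ssl=True needs CA certificates to verify the server: provide "
        "`ssl_ca_certs` or pass ssl.CERT_NONE for `ssl_cert_reqs`")


def loaded_ca_count(ctx):
    """CA certificates currently held in a real SSLContext's store.

    Certificates in a capath directory are loaded lazily, so 0 here does
    not prove verification will fail; it is a hint to check ssl_ca_certs.
    """
    return ctx.cert_store_stats()["x509_ca"]


if __name__ == "__main__":
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("loaded via:", load_system_cas(context))
    print("CA certs in store:", loaded_ca_count(context))
```

A successful return only means the call was made; as the note above says, the server's certificate may still fail to verify if its CA is not in the system store.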
- is depended on by: DRIVERS-214 Default to verifying certificates against default CA certificates (Closed)