  1. Ruby Driver
  2. RUBY-1608

Implement functionality to enable/disable TLS hostname verification


Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 2.7.0.rc0
    • None
    • None
    • Minor Change

    Description

      Prior to OpenSSL 1.0.2, hostnames were not verified when initiating a TLS connection. Because of this, whether or not the driver defaults to verifying hostnames is dependent on the version of OpenSSL the user has installed. To ensure consistent behavior, we should create a client option (and map "tlsAllowInvalidHostnames" in the URI to this option) to allow invalid hostnames and then always pass an option to OpenSSL signifying whether to verify hostnames. The logic for determining whether hostnames should be verified is the following:

       

      tlsAllowInvalidHostnames | tlsInsecure | option passed to OpenSSL
      ------------------------ | ----------- | ------------------------
      unspecified              | unspecified | verify hostnames
      unspecified              | false       | verify hostnames
      unspecified              | true        | do not verify hostnames
      false                    | *           | verify hostnames
      true                     | *           | do not verify hostnames
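
The decision table above, worked through as an added Ruby example (not the driver's own code): it resolves the two URI options and always sets `verify_hostname` explicitly on the `OpenSSL::SSL::SSLContext`. The helper names `verify_hostname?`, `tls_flags_from_uri` and `ssl_context_for` are hypothetical, and the parser assumes the options appear only in the connection string's query part.

```ruby
require 'openssl'
require 'uri'

# Hypothetical helper (not the driver's API): resolve the table above.
# Each argument is true, false, or nil (unspecified).
def verify_hostname?(tls_allow_invalid_hostnames, tls_insecure)
  # tlsAllowInvalidHostnames, when given, overrides tlsInsecure.
  return !tls_allow_invalid_hostnames unless tls_allow_invalid_hostnames.nil?

  # Otherwise only tlsInsecure=true disables verification.
  tls_insecure != true
end

# Hypothetical helper: read both options from a connection string's query.
# Anything other than "true"/"false" is rejected instead of being read as false.
def tls_flags_from_uri(uri)
  query = uri.split('?', 2)[1].to_s
  opts = URI.decode_www_form(query).map { |k, v| [k.downcase, v] }.to_h
  %w[tlsAllowInvalidHostnames tlsInsecure].map do |name|
    case opts[name.downcase]
    when nil then nil
    when 'true' then true
    when 'false' then false
    else raise ArgumentError, "#{name} must be true or false"
    end
  end
end

# Set verify_hostname explicitly so the outcome does not depend on the
# default behaviour of the installed OpenSSL version.
def ssl_context_for(uri)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = verify_hostname?(*tls_flags_from_uri(uri))
  ctx
end

# Constructed sample URI: the explicit "false" wins over tlsInsecure=true.
SAMPLE_URI = 'mongodb://db.example.com:27017/?tls=true' \
             '&tlsAllowInvalidHostnames=false&tlsInsecure=true'
```

In Ruby's OpenSSL binding, `verify_hostname` only takes effect when `verify_mode` is `VERIFY_PEER` and the server name has been set on the socket with `OpenSSL::SSL::SSLSocket#hostname=`.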

          People

            sam.rossi@mongodb.com Samuel Rossi (Inactive)