OCSP specs fail because Atlas certs no longer include OCSP endpoints

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Tests
    • None
    • 🔵 Done
    • Ruby Drivers
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      The OCSP verification specs began failing recently as a result of Let's Encrypt no longer supporting OCSP. The Atlas certs thus no longer include OCSP endpoints, which breaks an assumption in the specs.

      See: https://github.com/mongodb/mongo-ruby-driver/blob/dc0865cf9aabadd1edb652446b0bd223079c8b37/spec/integration/ocsp_verifier_spec.rb#L348-L351

      If we want to keep that test (which I think has value, as it confirms that the OCSP verifier is able to extract OCSP endpoints from the cert), we need to use a bespoke cert, rather than expecting the Atlas certs to include those endpoints.

      See https://github.com/mongodb/specifications/tree/master/source/ocsp-support/tests#mock-ocsp-responder-testing-suite – which indicates where we can find appropriate certificates to use for the OCSP tests.

            Assignee:
            Unassigned
            Reporter:
            Jamis Buck
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: