Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-49383

Assert that Host header is present in OCSP responder

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor - P4
    • Resolution: Fixed
    • None
    • 4.4.1, 4.7.0
    • Security
    • None
    • Fully Compatible
    • v4.4
    • Security 2020-07-13

    Description

      CDRIVER-3734 discovered that sending OCSP requests with OpenSSL's OCSP_sendreq_bio may not set the Host header. Some responders, (http://ocsp.sca1b.amazontrust.com in particular) consider it a malformed HTTP request and return a 400 response.

      I think it would be beneficial to add an assertion to the mock responder to assert that the Host header is present. Drivers will benefit from this additional test coverage since the mock responder is synced to https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/ocsp/mock_ocsp_responder.py

      Attachments

        Activity

          People

            shreyas.kalyan@mongodb.com Shreyas Kalyan
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: