  1. Core Server
  2. SERVER-49383

Assert that Host header is present in OCSP responder

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.4.1, 4.7.0
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.4
    • Sprint:
      Security 2020-07-13

      Description

      CDRIVER-3734 discovered that sending OCSP requests with OpenSSL's OCSP_sendreq_bio may not set the Host header. Some responders (http://ocsp.sca1b.amazontrust.com in particular) consider it a malformed HTTP request and return a 400 response.

      I think it would be beneficial to add an assertion to the mock responder to assert that the Host header is present. Drivers will benefit from this additional test coverage since the mock responder is synced to https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/ocsp/mock_ocsp_responder.py
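
      An added example, not taken from mock_ocsp_responder.py or from the fix for this issue: a standard-library mock responder that rejects a POST with no Host header, plus a raw-socket probe that sends the request both ways. The handler name, the `probe` helper, the placeholder bodies and the `ocsp.example.test` host are assumptions made for illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in bytes; a real responder returns a signed DER OCSPResponse.
PLACEHOLDER_RESPONSE = b"placeholder-ocsp-response"


class HostCheckingHandler(BaseHTTPRequestHandler):
    """Hypothetical mock responder handler that rejects requests lacking Host."""

    def do_POST(self):
        # Drain the request body first so the client never sees a reset.
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if not self.headers.get("Host", "").strip():
            # Same outcome the issue reports from strict responders.
            self._reply(400, "text/plain", b"missing Host header")
        else:
            self._reply(200, "application/ocsp-response", PLACEHOLDER_RESPONSE)

    def _reply(self, status, ctype, body):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep test output quiet
        pass


def probe(with_host):
    """Send one raw OCSP-style POST and return the HTTP status code."""
    server = HTTPServer(("127.0.0.1", 0), HostCheckingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        body = b"constructed-ocsp-request"  # constructed, not a real OCSPRequest
        lines = ["POST / HTTP/1.0", "Content-Type: application/ocsp-request",
                 f"Content-Length: {len(body)}"]
        if with_host:
            lines.append("Host: ocsp.example.test")
        raw = "\r\n".join(lines).encode() + b"\r\n\r\n" + body
        with socket.create_connection(server.server_address, timeout=5) as s:
            s.sendall(raw)
            reply = b""
            while chunk := s.recv(4096):
                reply += chunk
        return int(reply.split(b" ", 2)[1])  # status code from the status line
    finally:
        server.shutdown()
        server.server_close()
```

      A raw socket is used for the probe because higher-level HTTP clients add the Host header on their own, which would hide the missing-header case.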

            People

            Assignee:
            shreyas.kalyan Shreyas Kalyan
            Reporter:
            kevin.albertson Kevin Albertson