[CDRIVER-1115] Read X.509 only once Created: 13/Feb/16 Updated: 13/Apr/16 Resolved: 13/Apr/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | 1.4.0 |
| Fix Version/s: | 1.4.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Hannes Magnusson | Assignee: | Hannes Magnusson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Epic Link: | Native TLS and SCRAM-SHA-1 |
| Description |
|
We read the X.509 every time we need to present it or extract information from it. In normal scenarios this is only once; when starting up the client and creating sockets. However, if the X.509 is then removed, and a socket breaks and we need to recreate it, we'll fail as we can't read the file. |
| Comments |
| Comment by Hannes Magnusson [ 13/Apr/16 ] |
|
This is intentional and expected. The resource itself is expected to be available for the lifetime of its use. This is also in line with the general expectations from OpenSSL, not only Native TLS bindings. |
| Comment by Hannes Magnusson [ 13/Feb/16 ] |
|
Note from Jesse: Let's have the topology own the cache: then it will have the right lifetime, both for pooled clients and regular clients. |
| Comment by Hannes Magnusson [ 13/Feb/16 ] |
|
This should be easily reproducible in the /SSL/extract_subject test, for example.