[CDRIVER-1158] Certificate verification failure tests
Created: 14/Mar/16
Updated: 03/May/17
Resolved: 27/Oct/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: TBD

Type: Improvement
Priority: Major - P3
Reporter: Hannes Magnusson
Assignee: Hannes Magnusson
Resolution: Won't Fix
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: C Driver in Evergreen

 Description   

The mock_server improvements make it pretty easy to add more failure testing.

We should extend this to include certificate expiration testing, along with revocation and invalid CA tests.



 Comments   
Comment by Hannes Magnusson [ 27/Oct/16 ]

This would be major work.
If this was to be mocked, it would have to use outside components that are known to be correct, or else we aren't actually testing anything.

I think the best approach would be to have actual mongod running in various quirky scenarios and make sure we do the right thing with them. That's something that should be handled by a different ticket.

Comment by Hannes Magnusson [ 13/Oct/16 ]

It's actually not that trivial, even with the mock_server changes. The mock_server uses the mongoc streams to emulate the server, which means we'll have to thoroughly and correctly emulate the mongod implementation – in all our supported client libraries.

Comment by Bernie Hackett [ 18/Jul/16 ]

I tried to write unit tests to test these in PyMongo and gave up because the tests are so brittle. You have to test that the alert the server side of the connection gets matches the failure you expected to occur on the client side. There doesn't appear to be a way to get an error code and the message is likely to change from OpenSSL version to OpenSSL version.

No idea how you would do this with SChannel or Secure Transport.
