[CDRIVER-1158] Certificate verification failure tests Created: 14/Mar/16 Updated: 03/May/17 Resolved: 27/Oct/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | TBD |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Hannes Magnusson | Assignee: | Hannes Magnusson |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Epic Link: | C Driver in Evergreen |
| Description |
|
The mock_server improvements make it pretty easy to add more failure testing. We should extend this to include certificate expiration testing, along with revocation and invalid CA tests.
| Comments |
| Comment by Hannes Magnusson [ 27/Oct/16 ] |
|
This would be major work. I think the best approach would be to have actual mongod running in various quirky scenarios and make sure we do the right thing with them. That's something that should be handled by a different ticket.
| Comment by Hannes Magnusson [ 13/Oct/16 ] |
|
It's actually not that trivial, even with the mock_server changes. The mock_server uses the mongoc streams to emulate the server, which means we'll have to thoroughly and correctly emulate the mongod implementation – in all our supported client libraries.
| Comment by Bernie Hackett [ 18/Jul/16 ] |
|
I tried to write unit tests to test these in PyMongo and gave up because the tests are so brittle. You have to test that the alert the server side of the connection gets matches the failure you expected to occur on the client side. There doesn't appear to be a way to get an error code and the message is likely to change from OpenSSL version to OpenSSL version. No idea how you would do this with SChannel or Secure Transport. |