[CDRIVER-1182] Load Windows trusted CA by default when no CA configured Created: 30/Mar/16 Updated: 10/Aug/16 Resolved: 14/Jul/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | 1.4.0 |
| Fix Version/s: | 1.4.0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Hannes Magnusson | Assignee: | Hannes Magnusson |
| Resolution: | Done | Votes: | 0 |
| Labels: | intern2016 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Epic Link: | TLS Improvements | ||||||||||||||||||||||||
| Description |
|
The server will be making providing an explicit CA optional, and default on the system provided (OpenSSL) defaults. We do the same as of We can, and should, trust the Windows cert store for this. When no explicit CA option is provided (mongoc_ssl_opt_t.ca_file and .ca_dir) we should extract the CAs from the Windows cert store and load them into OpenSSL. — Even though we'll support Windows native Secure Channel, I think we should still do this for those resisting and continue to use OpenSSL on Windows. |
| Comments |
| Comment by Githook User [ 14/Jul/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |