[CDRIVER-1231] Allow to use system crypto policies Created: 16/May/16  Updated: 10/Aug/16  Resolved: 16/May/16

Status: Closed
Project: C Driver
Component/s: libmongoc
Affects Version/s: 1.3.5
Fix Version/s: 1.4.0

Type: Bug Priority: Major - P3
Reporter: Remi Collet Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Fedora


Issue Links:
Depends
is depended on by PHPC-703 Update configure scripts for upstream... Closed
Related
related to CDRIVER-1133 Add support for SSL verification opti... Closed
Epic Link: TLS Improvements

 Description   

Per Guidelines, all packages in Fedora most rely on system crypto policies.

See

Proposal: add a --with-ssl-system-profile build option.



 Comments   
Comment by Githook User [ 17/May/16 ]

Author:

{u'username': u'jmikola', u'name': u'Jeremy Mikola', u'email': u'jmikola@gmail.com'}

Message: PHPC-703: Support system crypto policy for OpenSSL

This covers changes from CDRIVER-1231. For config.w32, we default to using the system profile for OpenSSL, as libmongoc does for Windows in CMakeLists.txt.
Branch: master
https://github.com/mongodb/mongo-php-driver/commit/d227207f970e590c3149979a675b17a0362145fa

Comment by Hannes Magnusson [ 16/May/16 ]

Thanks!

Comment by Githook User [ 16/May/16 ]

Author:

{u'username': u'remicollet', u'name': u'Remi Collet', u'email': u'remi@famillecollet.com'}

Message: CDRIVER-1231 Allow to use system crypto policies (#326)
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/90a56a4dd7f40cd6c7025d3b1fc27faccbd8b612

Comment by Remi Collet [ 16/May/16 ]

> would that affect this?

I don't think

> I don't foresee this getting into 1.3.x, there are tons of tls changes for 1.4, and this just folds into that revolt

Fine for me (the Fedora build will have this temporarily patched to conform to Guidelines, then patch will be dropped with 1.4)

Comment by Hannes Magnusson [ 16/May/16 ]

Interesting. If we add configuration option for this (as possibly planned in CDRIVER-1133), would that affect this?

I made some comments on the PR, let me know if you don't have time to make the changes and I'll gladly amend the commit.

I don't foresee this getting into 1.3.x, there are tons of tls changes for 1.4, and this just folds into that revolt

Comment by Remi Collet [ 16/May/16 ]

FYI, we have something similar used in PHP (--with-system-ciphers)

See: https://github.com/php/php-src/blob/master/ext/openssl/xp_ssl.c#L1574

Comment by Remi Collet [ 16/May/16 ]

See https://github.com/mongodb/mongo-c-driver/pull/326

Generated at Wed Feb 07 21:11:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.