[CDRIVER-1231] Allow to use system crypto policies Created: 16/May/16 Updated: 10/Aug/16 Resolved: 16/May/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | 1.3.5 |
| Fix Version/s: | 1.4.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Remi Collet | Assignee: | Hannes Magnusson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Fedora |
||
| Issue Links: |
|
||||||||||||||||
| Epic Link: | TLS Improvements | ||||||||||||||||
| Description |
|
Per Guidelines, all packages in Fedora most rely on system crypto policies. See
Proposal: add a --with-ssl-system-profile build option. |
| Comments |
| Comment by Githook User [ 17/May/16 ] |
|
Author: {u'username': u'jmikola', u'name': u'Jeremy Mikola', u'email': u'jmikola@gmail.com'}Message: This covers changes from |
| Comment by Hannes Magnusson [ 16/May/16 ] |
|
Thanks! |
| Comment by Githook User [ 16/May/16 ] |
|
Author: {u'username': u'remicollet', u'name': u'Remi Collet', u'email': u'remi@famillecollet.com'}Message: |
| Comment by Remi Collet [ 16/May/16 ] |
|
> would that affect this? I don't think > I don't foresee this getting into 1.3.x, there are tons of tls changes for 1.4, and this just folds into that revolt Fine for me (the Fedora build will have this temporarily patched to conform to Guidelines, then patch will be dropped with 1.4) |
| Comment by Hannes Magnusson [ 16/May/16 ] |
|
Interesting. If we add configuration option for this (as possibly planned in I made some comments on the PR, let me know if you don't have time to make the changes and I'll gladly amend the commit. I don't foresee this getting into 1.3.x, there are tons of tls changes for 1.4, and this just folds into that revolt |
| Comment by Remi Collet [ 16/May/16 ] |
|
FYI, we have something similar used in PHP (--with-system-ciphers) See: https://github.com/php/php-src/blob/master/ext/openssl/xp_ssl.c#L1574 |
| Comment by Remi Collet [ 16/May/16 ] |