[CDRIVER-1380] Don't verify certificate hostname for Unix Domain Sockets Created: 14/Jul/16 Updated: 10/Aug/16 Resolved: 15/Jul/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.4.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Hannes Magnusson | Assignee: | Hannes Magnusson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Epic Link: | TLS Improvements |
| Description |
|
When connecting over UDS, doing certificate hostname verification makes no sense. We should detect this a little earlier and set allow_invalid_hostname=true automatically so individual TLS implementation doesn't have to do silly checks for it like https://github.com/mongodb/mongo-c-driver/blob/master/src/mongoc/mongoc-stream-tls-secure-transport.c#L401 |
| Comments |
| Comment by Githook User [ 15/Jul/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |