[CDRIVER-1964] Windows CA stores should be opened with read-only flag Created: 21/Dec/16 Updated: 21/Nov/18 Resolved: 06/Jan/17 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | 1.5.1 |
| Fix Version/s: | 1.5.2 |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Jeremy Mikola | Assignee: | Hannes Magnusson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
OpenSSL on Windows |
||
| Issue Links: |
|
||||||||||||||||||||
| Description |
|
In the absence of a ca_file or ca_dir, libmongoc falls back to loading the system CA store on Windows via _mongoc_openssl_import_cert_stores(). This should incorporate CERT_STORE_READONLY_FLAG in case the current user does not have full access to the store. bjori already has a patch for this in mongodb/mongo-php-library#313, which also improves error reporting should the CA store still fail to open properly. |
| Comments |
| Comment by Githook User [ 17/Jan/17 ] |
|
Author: {u'username': u'jmikola', u'name': u'Jeremy Mikola', u'email': u'jmikola@gmail.com'}Message: Includes |
| Comment by Githook User [ 06/Jan/17 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 06/Jan/17 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |