|
Author:
{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}
Message: CDRIVER-3668 fix ifdef around test
Branch: r1.17
https://github.com/mongodb/mongo-c-driver/commit/72a1cf6d342d6e8031337dfff4830601507ee2c1
|
|
Author:
{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}
Message: CDRIVER-3668 support OCSP back to OpenSSL 1.0.1 (#623)
- change SSL_CTX_set_tlsext_status_type to SSL_set_tlsext_status_type.
- polyfill SSL_get0_verified_chain, NID_tlsfeature, and hostname check.
- check for status_request from the tlsfeature extension when inspecting peer certificate.
- skip time check for older OpenSSL when updating cache entries.
- perform the OCSP check after the handshake, since sometimes the peer certificate is not available in the callback in OpenSSL <= 1.0.2.
- check tlsDisableOCSPEndpointCheck before reaching out to a responder.
- make tlsDisableOCSPEndpointCheck and tlsDisableCertificateRevocationCheck URI options implicitly enable TLS.
- enable OCSP tests on OpenSSL and macOS that were skipped.
- add OCSP tests for OpenSSL 1.0.1.
- update OCSP OpenSSL documentation.
- change OCSP verification logs from MONGOC_DEBUG to TRACE in successful cases.
Branch: r1.17
https://github.com/mongodb/mongo-c-driver/commit/1184f0236c468e17ba7ef79229bd17a0a7bc3e2a
|
|
Author:
{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}
Message: CDRIVER-3668 fix ifdef around test
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/500c40eda94b8709fc41ad0ecf257d6baccf36e8
|
|
Author:
{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}
Message: CDRIVER-3668 support OCSP back to OpenSSL 1.0.1 (#623)
- change SSL_CTX_set_tlsext_status_type to SSL_set_tlsext_status_type.
- polyfill SSL_get0_verified_chain, NID_tlsfeature, and hostname check.
- check for status_request from the tlsfeature extension when inspecting peer certificate.
- skip time check for older OpenSSL when updating cache entries.
- perform the OCSP check after the handshake, since sometimes the peer certificate is not available in the callback in OpenSSL <= 1.0.2.
- check tlsDisableOCSPEndpointCheck before reaching out to a responder.
- make tlsDisableOCSPEndpointCheck and tlsDisableCertificateRevocationCheck URI options implicitly enable TLS.
- enable OCSP tests on OpenSSL and macOS that were skipped.
- add OCSP tests for OpenSSL 1.0.1.
- update OCSP OpenSSL documentation.
- change OCSP verification logs from MONGOC_DEBUG to TRACE in successful cases.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/733322e98fdad8d4cf5fa2ce2f256d8e014ce51e
|
|
PR: https://github.com/mongodb/mongo-c-driver/pull/623
|
Generated at Wed Feb 07 21:18:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.