[CDRIVER-4181] Secure Channel fails TLS handshake due to hostname mismatch
Created: 06/Oct/21
Updated: 07/Mar/23

Status: Backlog
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Minor - P4
Reporter: Ezra Chung
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: CDRIVER-4575

 Description   

Observed on VS 2015 variants in patch builds (one, two).

Given the C driver CA certificate being registered on the system and a mock KMS server running on port 7999, the TLS handshake as initiated by test_kms_tls_cert_valid() fails with the error "SSL Certification verification failed: hostname doesn't match certificate" when attempting to resolve "127.0.0.1:7999", but succeeds when "localhost:7999" is provided instead. This suggests there may be a bug in the Secure Channel library's implementation of hostname resolution in the version being used by the VS 2015 variant on Evergreen.



 Comments   
Comment by Githook User [ 07/Sep/22 ]

Author: Ezra Chung <88335979+eramongodb@users.noreply.github.com> (eramongodb)

Message: CXX-2410 Add support for KMIP KMS provider (#894)

  • Add support for setting TLS options for client encryption
  • Add support for setting TLS options for auto encryption
  • Make mongocxx::client_encryption moveable
  • Add KMIP provider and TLS options to basic CSE test helpers
  • Add test case sections to Prose Test 7 - Custom Endpoint Test
  • Update Prose Test 2 - Data Key and Double Encryption with KMIP
  • Update Prose Test 6 - Corpus Test with KMIP
  • Update Prose Test 7 - Custom Endpoint Test with KMIP
  • Add CSE Prose Test 11 - KMS TLS Options Tests
  • Add CAFile and tlsCertificateKeyFile env vars to Evergreen
  • Update client_encryption::create_data_key docs to include supported KMS providers
  • Update options::data_key docs to include KMIP
  • Add new MONGOCXX_TEST_* env vars to should_run_client_side_encryption_test
  • Add KMIP support for legacy runner in autoEncryptionOpts
  • Sync legacy CSE spec tests with 61b81891
  • CXX-2155 Sync legacy CSE spec tests with 947be4cf
  • CXX-2410 Sync legacy CSE spec tests with 5964c134
  • CXX-2488 Sync legacy CSE spec tests with 6a7158d5
  • CXX-2487 Sync legacy CSE spec tests with 02b4275d
  • Divide CSE legacy test runner into sections by file and test description