|
Many of the CSFLE tests currently fail and/or are flaky as a result of certificate validation errors. The problematic tests are:
/client_side_encryption/datakey_and_double_encryption
|
/client_side_encryption/corpus
|
/client_side_encryption/custom_endpoint
|
/client_side_encryption/kms_tls/wrong_host
|
/client_side_encryption/kms_tls_options
|
Some of the errors messages produced include:
TLS handshake failed: Failed OCSP verification
|
|
mongoc: OCSP response failed verification: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error
|
|
[TLS handshake failed: Failed certificate verification] does not contain [IP address mismatch]
|
They are currently being skipped, so to work on them, it will first be necessary to remove them from .evergreen/skip-tests.txt and run a patch build to determine the current failure mode(s).
|