[CDRIVER-4347] CSFLE tests failing with certificate validation errors Created: 11/Apr/22  Updated: 28/Oct/23  Resolved: 14/Feb/23

Status: Closed
Project: C Driver
Component/s: OCSP
Affects Version/s: None
Fix Version/s: 1.24.0

Type: Task Priority: Major - P3
Reporter: Roberto Sanchez Assignee: Ezra Chung
Resolution: Fixed Votes: 0
Labels: failing-on-waterfall, flaky-tests
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-3814 /client_side_encryption/azureKMS fail... Closed
is related to CDRIVER-3620 Audit evergreen matrix Closed
Epic Link: Stabilize Evergreen

 Description   

Many of the CSFLE tests currently fail and/or are flaky as a result of certificate validation errors. The problematic tests are:

/client_side_encryption/datakey_and_double_encryption
/client_side_encryption/corpus
/client_side_encryption/custom_endpoint
/client_side_encryption/kms_tls/wrong_host
/client_side_encryption/kms_tls_options

Some of the errors messages produced include:

TLS handshake failed: Failed OCSP verification
 
mongoc: OCSP response failed verification: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error
 
[TLS handshake failed: Failed certificate verification] does not contain [IP address mismatch]

They are currently being skipped, so to work on them, it will first be necessary to remove them from .evergreen/skip-tests.txt and run a patch build to determine the current failure mode(s).



 Comments   
Comment by Ezra Chung [ 14/Feb/23 ]

PR: https://github.com/mongodb/mongo-c-driver/pull/1201
Commit: https://github.com/mongodb/mongo-c-driver/commit/ba07979f5d4bad8a6910d7105fa82774d4895ef3

Generated at Wed Feb 07 21:20:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.