[CDRIVER-520] Add support for native TLS on OSX (Secure Transport) Created: 30/Jan/15 Updated: 08/Jan/24 Resolved: 15/Mar/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc, tls |
| Affects Version/s: | 1.1.0 |
| Fix Version/s: | 1.4.0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Mira Carey | Assignee: | Hannes Magnusson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
| Epic Link: | Native TLS and SCRAM-SHA-1 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description |
|
To enable: ./configure --enable-ssl=darwin Note that by default --enable-ssl still prefers OpenSSL, if availble. This is for backwards compatibility reasons of existing expectations. This implementation uses the OpenSSL traditional PEM file, and Note that the configured certificates are expected to be available Certificate Authority checks: Providing client certificates: X.509 Authentication username extraction: Notable differences to OpenSSL: There is no such concept as ca_dir in Darwin Secure Transport. The closest would be which Keychain. — Original ticket We offer TLS support on OSX via openssl, but it'd be a better fit to offer native support through the OS. It looks like some work has already been done, albeit on a fork that can't easily be PR'd anymore. See if that's a good base to work from: https://github.com/jeromelebel/mongo-c-driver/blob/master/src/mongoc/mongoc-stream-apple-tls.c The work to take this over the line would be to port that stream implementation and whatever ifdefs he added in stream initiation in mongoc_client_new |
| Comments |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch '
|
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Currently the default is OpenSSL for BC To explicitly use NativeTLS on OSX, do --enable-ssl=darwin |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: This implementation uses the OpenSSL traditional PEM file, and Note that the configured certificates are expected to be available
|
| Comment by Githook User [ 16/Feb/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 16/Feb/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 16/Feb/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 12/Feb/16 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: |
| Comment by Githook User [ 14/Jun/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: silence openssl deprecations with autotools Until |
| Comment by Githook User [ 02/Jun/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: clang on Mac writes distracting warnings |
| Comment by A. Jesse Jiryu Davis [ 31/May/15 ] |
|
Sorry for the lack of progress on this, other issues have taken priority. This is scheduled for the 1.3 release this fall. |
| Comment by Jerome Lebel [ 07/Apr/15 ] |
|
Any update on this issue? |