|
The mongo client has two options that deal with invalid/incorrect certificates:
--sslAllowInvalidHostnames allow connections to servers with
|
non-matching hostnames
|
--sslAllowInvalidCertificates allow connections to servers with invalid
|
certificates
|
But the C driver only has a flag in ssl_opts to turn off invalid certificate checking (weak_cert_validation): http://api.mongodb.org/c/current/mongoc_ssl_opt_t.html
PHP's SSL layer has something similar through its ``verify_peer_name`` and ``allow_self_signed`` SSL context options.
This currently means, that by using the CDRIVER in Hippo, I can't make all tests pass, as the peer name ("server") does not match the server name as in CDRIVER-841. I can turn on ``allow_self_signed`` to allow connecting, but that's more than I should be having to do. Allowing an extra option specifically for peer verification would be required to allow Hippo to past the Phongo tests.
|