[CDRIVER-842] Allow for more finegrained SSL connection control regarding invalid hostnames and invalid certificate flags Created: 15/Sep/15  Updated: 10/Aug/16  Resolved: 16/Jun/16

Status: Closed
Project: C Driver
Component/s: libmongoc, tls
Affects Version/s: None
Fix Version/s: 1.4.0

Type: Improvement Priority: Major - P3
Reporter: Derick Rethans Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: intern2016
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-1133 Add support for SSL verification opti... Closed
is related to CDRIVER-841 Improve SSL connection error messages Closed

 Description   

The mongo client has two options that deal with invalid/incorrect certificates:

  --sslAllowInvalidHostnames         allow connections to servers with 
                                     non-matching hostnames
  --sslAllowInvalidCertificates      allow connections to servers with invalid 
                                     certificates

But the C driver only has a flag in ssl_opts to turn off invalid certificate checking (weak_cert_validation): http://api.mongodb.org/c/current/mongoc_ssl_opt_t.html

PHP's SSL layer has something similar through its ``verify_peer_name`` and ``allow_self_signed`` SSL context options.

This currently means, that by using the CDRIVER in Hippo, I can't make all tests pass, as the peer name ("server") does not match the server name as in CDRIVER-841. I can turn on ``allow_self_signed`` to allow connecting, but that's more than I should be having to do. Allowing an extra option specifically for peer verification would be required to allow Hippo to past the Phongo tests.



 Comments   
Comment by A. Jesse Jiryu Davis [ 16/Jun/16 ]

bjori is this ticket complete?

Comment by Githook User [ 14/Apr/16 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-842: Add mongoc_ssl_opt_t.allow_invalid_hostname
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/c1fa41f9ed8b43a1931bfa6f2d166cd5aa71a660

Generated at Wed Feb 07 21:10:47 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.