[DRIVERS-124] Perform SSL server certificate validation in the drivers Created: 15/Oct/13 Updated: 15/May/19 Resolved: 09/Jun/16 |
|
| Status: | Closed |
| Project: | Drivers |
| Component/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Andy Schwerin | Assignee: | Barrie Segal |
| Resolution: | Done | Votes: | 0 |
| Labels: | newdriver | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||
| Epic Link: | Authentication | ||||||||||||||||||||||||||||||||||||
| Driver Compliance: |
|
||||||||||||||||||||||||||||||||||||
| Description |
|
Like This behavior should be configurable by client code, in case the client intentionally wishes to ignore that the server's certificate is bad. |
| Comments |
| Comment by Bernie Hackett [ 09/Jun/16 ] |
|
Resolving again. Extensive testing proves that, unlike hostname matching, OpenSSL (at least as used in python's ssl module) always verifies notBefore and notAfter. CRL support is now implemented for python versions that support it. |
| Comment by Bernie Hackett [ 03/May/16 ] |
|
Reopening, since it turns out PyMongo doesn't do notBefore and notAfter parsing. See |
| Comment by Andrew Morrow (Inactive) [ 03/Mar/15 ] |
|