[DRIVERS-2038] Test tlsCertificateKeyFile .pem file with certificate chain
Created: 21/Jan/22 Updated: 21/Apr/23
| Status: | Backlog |
| Project: | Drivers |
| Component/s: | URI Options |
| Fix Version/s: | None |
| Type: | Task | Priority: | Minor - P4 |
| Reporter: | Kevin Albertson | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Driver Changes: | Needed |
| Description |
Summary
Test that setting a tlsCertificateKeyFile to a .pem file with a certificate chain succeeds.
Scope
Motivation
This .pem file includes the following:
The Go driver was incorrectly attempting to associate Private Key with Certificate 2. The expected order of certificates in a .pem file is described in: RFC 5246 7.4.2:
The motivation of this ticket is the possibility of other drivers having a similar bug. There is no certificate in drivers-evergreen-tools/.evergreen/x509gen to test. This .pem file was created for the Go driver by concatenating test files from:
Who is the affected end user?
Users enabling TLS and including intermediate certificates in the certificate chain.
How does this affect the end user?
Users may be confused or annoyed. If a driver has a bug similar to
Is this issue urgent?
No.
Is this ticket required by a downstream team?
No.
Is this ticket only for tests?
Yes.
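An added example, not taken from this ticket or from any driver's code, of the behaviour the requested test would exercise. It uses Go's standard `tls.X509KeyPair` rather than a driver's own loader: a bundle whose first certificate belongs to the private key loads with its whole chain, while the same certificates in the other order are rejected because the key is compared with the first certificate only. The leaf, CA, key layout, the Ed25519 keys and the names `SampleBundle` and `ChainLen` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SampleBundle builds constructed test data (errors ignored, inputs are fixed):
// leaf certificate, issuing CA certificate, leaf key; certs swapped if !leafFirst.
func SampleBundle(leafFirst bool) []byte {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed leaf"},
		NotBefore: ca.NotBefore, NotAfter: ca.NotAfter}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	blocks := []*pem.Block{{Type: "CERTIFICATE", Bytes: leafDER}, {Type: "CERTIFICATE", Bytes: caDER}}
	if !leafFirst {
		blocks[0], blocks[1] = blocks[1], blocks[0]
	}
	var out []byte
	for _, b := range append(blocks, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}) {
		out = append(out, pem.EncodeToMemory(b)...)
	}
	return out
}

// ChainLen loads one bundle as both certificate chain and private key and
// returns how many certificates were loaded (0 when the pairing is rejected).
func ChainLen(bundle []byte) (int, error) {
	pair, err := tls.X509KeyPair(bundle, bundle) // key is checked against the FIRST certificate
	return len(pair.Certificate), err
}

func main() {
	fmt.Println(ChainLen(SampleBundle(true)))  // leaf first: chain loads
	fmt.Println(ChainLen(SampleBundle(false))) // CA first: key does not match
}
```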
| Comments |
| Comment by James Kovacs [ 01/Feb/22 ] |
Testing PEM files with cert chains is definitely worthwhile. I would suggest creating a PR with the concatenated PEM file to drivers-evergreen-tools. We need a new test in tls-option.[yml|json] that uses this new PEM file along with some verbiage about validating the cert chain.