|
The wrong-host.pem cert in drivers-evergreen-tools is missing the subjectAltName field and leads to a warning from pyopenssl:
[2023/02/23 20:38:07.893] test_01_aws (test.test_encryption.TestKmsTLSOptions) ... /System/Volumes/Data/data/mci/a1ed7438a8f2faff8afef48c72af9dd7/src/venv-encryption/lib/python3.9/site-packages/service_identity/pyopenssl.py:74: SubjectAltNameWarning: Certificate with CN 'wronghost.com' has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. service-identity will remove the support for it in mid-2018.
|
[2023/02/23 20:38:07.893] cert_patterns=extract_ids(connection.get_peer_certificate()),
|
https://evergreen.mongodb.com/task/mongo_python_driver_test_macos_encryption__platform~macos_1100_auth~auth_ssl~nossl_encryption~encryption_crypt_shared_test_latest_sharded_cluster_32faa261b68a2fd33c16b1ab88f97bb73b58e85d_23_02_23_19_09_11
We should regenerate this cert with the correct subjectAltName field.
|