[DRIVERS-320] Add SNI Support Created: 18/Aug/16 Updated: 15/May/19 Resolved: 08/Dec/16 |
|
| Status: | Closed |
| Project: | Drivers |
| Component/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Rathi Gnanasekaran | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | newdriver | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||
| Driver Compliance: |
|
||||||||||||||||||||||||||||||||||||||||||||||||
| Comments |
| Comment by Rathi Gnanasekaran [ 08/Dec/16 ] | ||
|
Closing ticket as all linked tickets are closed. | ||
| Comment by Bernie Hackett [ 24/Aug/16 ] | ||
|
Note that, depending on your TLS implementation, SNI support may or may not work for IPv4 and / or IPv6 literals. The RFC explicitly states that IPv4 and IPv6 literals are not supported, but OpenSSL doesn't appear to care. By comparison, Java's SNI implementation raises an exception if you pass it an IPv6 literal as hostname. Logs from the server when using IP literals through OpenSSL:
| ||
| Comment by Bernie Hackett [ 24/Aug/16 ] | ||
|
The SNI patch has been committed to mongo master. To test that your client is using SNI, increase the log level of mongod (-v is all you need) and look for a message like this in the log:
| ||
| Comment by Hannes Magnusson [ 20/Aug/16 ] | ||
|
I've verified this ticket for:
mongoc is lacking verification of Windows Secure Channel build though |