[DRIVERS-466] Handshake changes for SDAM and Auth Created: 28/Mar/18  Updated: 28/Oct/23  Resolved: 13/Feb/23

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: David Golden Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on CDRIVER-2579 Handshake changes for SDAM and Auth Closed
depends on CSHARP-2231 Handshake changes for SDAM and Auth Closed
depends on CXX-1541 Handshake changes for SDAM and Auth Closed
depends on GODRIVER-322 Handshake changes for SDAM and Auth Closed
depends on JAVA-2824 Handshake changes for SDAM and Auth Closed
depends on MOTOR-210 Handshake changes for SDAM and Auth Closed
depends on NODE-1394 Handshake changes for SDAM and Auth Closed
depends on PHPC-1153 Handshake changes for SDAM and Auth Closed
depends on PYTHON-1514 Handshake changes for SDAM and Auth Closed
depends on RUST-78 Implement Handshake Spec Closed
depends on RUBY-1319 Handshake changes for SDAM and Auth Closed
Related
Driver Changes: Needed
Driver Compliance:
Key Status/Resolution FixVersion
NODE-1394 Done
SCALA-389 Done 2.4.0
PYTHON-1514 Duplicate
CSHARP-2231 Fixed 2.8.0
PERL-881 Won't Fix
RUBY-1319 Fixed 2.7.0.rc0
JAVA-2824 Fixed 3.8.0
CXX-1541 Fixed 3.4.0
PHPC-1153 Fixed 1.5.0
MOTOR-210 Fixed 2.0
GODRIVER-322 Works as Designed
CDRIVER-2579 Fixed 1.11.0
RUST-78 Fixed 0.9.0-alpha
SWIFT-432 Done

 Description   

tl;dr:

  • Monitoring-only sockets must not send SCRAM mechanism negotiation in isMaster and must not authenticate at all.
  • Non-monitoring sockets (e.g. connection pool or single-threaded client) do a "normal" handshake and authenticate if there are credentials.
  • An authentication error on a socket must close all (and only) non-monitoring sockets to the same server.

Possible backward breaking change:

  • Some drivers were resetting a server's topology description to Unknown on an authentication error and should stop doing so. This means the topology will always be "correct" even when authentication fails.
  • It will no longer be possible for authentication errors to be masked as server selection errors.

Detailed changes:


Generated at Thu Feb 08 08:21:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.