[DRIVERS-65] SSL certificate validation testing Created: 11/Dec/12  Updated: 15/May/19  Resolved: 06/Mar/15

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Eric Milkie Assignee: Barrie Segal
Resolution: Done Votes: 0
Labels: 2.4, newdriver
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on RUBY-565 Support for SSL Certification Validation Closed
depends on CSHARP-658 Add support for sending Client SSL ce... Closed
depends on NODE-29 SSL Validation support Closed
depends on PYTHON-466 SSL certificate verification Closed
depends on CDRIVER-215 SSL certificate validation testing Closed
depends on RUST-160 SSL certificate validation testing Closed
Duplicate
Related
related to SERVER-8209 reverse logic of --sslForceCertificat... Closed
related to DRIVERS-302 Test connections to Mango Closed
is related to DRIVERS-124 Perform SSL server certificate valida... Closed
is related to DOCS-873 Improved SSL support Docs Closed
is related to NODE-946 Not performing SSL server certificate... Closed
Driver Compliance:
Key Status/Resolution FixVersion
PHP-664 Done 1.4.0beta1, 1.4.0
CSHARP-658 Done 1.8
PYTHON-466 Done 2.5
RUBY-565 Done 1.9.0
NODE-29 Done
PERL-233 Done 1.0.0
CDRIVER-215 Done 0.90.0
RUST-160 Duplicate
SWIFT-472 Duplicate

 Description   

As of server 2.3.2, the server can validate SSL certificates on connect. This means that if you are using SSL and your client presents a certificate, it will be validated by the server. Also, the client can validate the server's certificate.

Note that the support for limiting the encryption ciphers has been pushed to 2.6. The spec labels as-of-yet unimplemented features as "not for 2.4".
The spec is targeted for completion in version 2.6.

I've tested certificate validation using the mongo shell and using the C++ driver, but I'd like to get some other driver tests in as well.

Currently we have only committed to Java and C# support, but other drivers should support this as time permits.



 Comments   
Comment by Andrew Morrow (Inactive) [ 03/Mar/15 ]
  • Validating for C++11 driver because built on C driver, which is validated.
  • Validating for C++ legacy driver because as stated in the description, this was tested manually with the C++ in-server C++ driver before it was forked to a separate project.
Generated at Thu Feb 08 08:20:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.