[GODRIVER-1467] OCSP Support Created: 22/Jan/20 Updated: 28/Oct/23 Resolved: 26/Feb/20 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.4.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Esha Bhargava | Assignee: | Divjot Arora (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | 4.4-release-support | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Epic Link: | Go MongoDB 4.4 Support | ||||||||||||||||||||||||
| Server Compat: | 4.3 | ||||||||||||||||||||||||
| Comments |
| Comment by Githook User [ 26/Mar/20 ] |
|
Author: {'email': 'divjot.arora@10gen.com', 'name': 'Divjot Arora', 'username': 'divjotarora'}Message: |
| Comment by Githook User [ 25/Mar/20 ] |
|
Author: {'name': 'Divjot Arora', 'username': 'divjotarora', 'email': 'divjot.arora@10gen.com'}Message: The previous cron syntax was incorrect (see EVG-7622). This patch re-structures the OCSP tests as a matrix and uses batchtime instead of cron. |
| Comment by Githook User [ 28/Feb/20 ] |
|
Author: {'name': 'Divjot Arora', 'username': 'divjotarora', 'email': 'divjot.arora@10gen.com'}Message: The first commit for
This commit also uses a buildvariant instead of a matrix for OCSP tests |
| Comment by Githook User [ 26/Feb/20 ] |
|
Author: {'username': 'divjotarora', 'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com'}Message: |
| Comment by Divjot Arora (Inactive) [ 24/Jan/20 ] |
|
Testing in Evergreen relies on |
| Comment by Divjot Arora (Inactive) [ 24/Jan/20 ] |
|
Filed https://github.com/golang/go/issues/36736 to figure out if we can get access to the stapled OCSP responses in the VerifyPeerCertificate callback and hopefully add that ability to a future Go version if not. |
| Comment by Divjot Arora (Inactive) [ 23/Jan/20 ] |
|
Moving from Investigating to "In Progress". The investigation has shown that we will need to do any OCSP verification ourselves. I found a Golang issue to implement support for the Must-Staple extension in the crypto/tls package itself, but this is still open. I left a comment describing the options that my investigation has shown are viable and am hoping that we'll get a response from someone on that thread to make sure we're on the right track. |