[GODRIVER-1467] OCSP Support
Created: 22/Jan/20  Updated: 28/Oct/23  Resolved: 26/Feb/20

Status: Closed
Project: Go Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.4.0

Type: Task
Priority: Major - P3
Reporter: Esha Bhargava
Assignee: Divjot Arora (Inactive)
Resolution: Fixed
Votes: 0
Labels: 4.4-release-support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-45671 Mock OCSP responder time format not r... Closed
is depended on by DRIVERS-704 OCSP Support Implementing
Related
related to GODRIVER-1491 OCSP cache and URI option Closed
is related to GODRIVER-1491 OCSP cache and URI option Closed
Epic Link: Go MongoDB 4.4 Support
Server Compat: 4.3

Comments
Comment by Githook User [ 26/Mar/20 ]

Author: Divjot Arora (divjotarora, divjot.arora@10gen.com)

Message: GODRIVER-1467 Use requirements.txt from drivers-evergreen-tools (#349)
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/6f5e21636dbb05b1ba19798a9499c47d90caf413

Comment by Githook User [ 25/Mar/20 ]

Author: Divjot Arora (divjotarora, divjot.arora@10gen.com)

Message: GODRIVER-1467 Use batchtime for OCSP Evergreen tasks (#347)

The previous cron syntax was incorrect (see EVG-7622). This patch re-structures the OCSP tests as a matrix and uses batchtime instead of cron.
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/fcba78c23671f1a9571d19e842c1fe71090cba93

Comment by Githook User [ 28/Feb/20 ]

Author: Divjot Arora (divjotarora, divjot.arora@10gen.com)

Message: GODRIVER-1467 Add tests for all combinations (#317)

The first commit for GODRIVER-1467 added tests for RSA certificates.
This commit adds the following sets of tests:

  • RSA certificates + OCSP responses signed by delegates
  • ECDSA certificates
  • ECDSA certificates + OCSP responses signed by delegates

This commit also uses a buildvariant instead of a matrix for OCSP tests
in Evergreen and uses cron to set the variant to only run every 14 days
on the waterfall.
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/5ebbe7891936e6b8bdd7162bb4101ed9f4de3da6

Comment by Githook User [ 26/Feb/20 ]

Author: Divjot Arora (divjotarora, divjot.arora@10gen.com)

Message: GODRIVER-1467 Add support for OCSP verification. (#302)
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/a96725e2d7cb39d0c31f7f6605305ad3f92787c1

Comment by Divjot Arora (Inactive) [ 24/Jan/20 ]

Testing in Evergreen relies on SERVER-45671 to fix the time format returned by the mock OCSP responder.

Comment by Divjot Arora (Inactive) [ 24/Jan/20 ]

Filed https://github.com/golang/go/issues/36736 to figure out if we can get access to the stapled OCSP responses in the VerifyPeerCertificate callback and hopefully add that ability to a future Go version if not.

Comment by Divjot Arora (Inactive) [ 23/Jan/20 ]

Moving from Investigating to "In Progress". The investigation has shown that we will need to do any OCSP verification ourselves. I found a Golang issue to implement support for the Must-Staple extension in the crypto/tls package itself, but this is still open. I left a comment describing the options that my investigation has shown are viable and am hoping that we'll get a response from someone on that thread to make sure we're on the right track.

Generated at Thu Feb 08 08:36:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.