[GODRIVER-1617] add option to JUST skip hostname verification for ssl/tls Created: 14/May/20  Updated: 24/Jul/20  Resolved: 24/Jul/20

Status: Closed
Project: Go Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Huan Li Assignee: Divjot Arora (Inactive)
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by TOOLS-2587 sslAllowInvalidHostnames bypass ssl/t... Closed

 Description   

Per a request in ticket TOOLS-2587

Mongo tools require a flag in ClientOptions to bypass hostname validation during tls/ssl verification. And this is not possible done from client-side through tlsConfig, as from the discussion here https://github.com/golang/go/issues/21971
The possible solution is also stated inside the above thread.



 Comments   
Comment by Divjot Arora (Inactive) [ 24/Jul/20 ]

Go's crypto/tls library doesn't offer this feature by default and actually adding it would require risky changes to disable all TLS verification and then re-enable it using tls.Config callbacks. Given the risk associated, we're closing as  "Won't Do".

Generated at Thu Feb 08 08:36:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.