[JAVA-2865] Add an option to toggle SSL certificate validation Created: 23/May/18 Updated: 11/Oct/18 Resolved: 11/Oct/18 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Connection Management |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Minor - P4 |
| Reporter: | Dmitry Ryabtsev | Assignee: | Unassigned |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Case: | (copied to CRM) |
| Description |
|
At present Java driver does not provide an option for MongoClient or MongoClientURI that could be used to enable/disable SSL certificate validation. This seems inconsistent with other drivers (e.g. VerifySslCertificate in C#, ssl_cert_reqs=ssl.CERT_NONE in PyMongo). It would be nice to have a similar option implemented in the Java driver. |
| Comments |
| Comment by Jeffrey Yemin [ 23/May/18 ] |
|
I'm not aware of a way for the driver to do this without altering all other SSL-related settings as well. Certificate checking is controlled by the TrustManager configured by the SSLContext. See The driver uses the default SSLContext provided by the JVM via SSLContext.getDefault(), but this is configurable in MongoClientOptions via MongoClientOptions.Builder#sslContext. Using this options, an application can configure the SSLContext, including the disabling of server certificate checking by the TrustManager. |