[SERVER-49383] Assert that Host header is present in OCSP responder Created: 08/Jul/20  Updated: 29/Oct/23  Resolved: 09/Jul/20

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.4.1, 4.7.0

Type: Improvement Priority: Minor - P4
Reporter: Kevin Albertson Assignee: Shreyas Kalyan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.4
Sprint: Security 2020-07-13
Participants:

 Description   

CDRIVER-3734 discovered that sending OCSP requests with OpenSSL's OCSP_sendreq_bio may not set the Host header. Some responders, (http://ocsp.sca1b.amazontrust.com in particular) consider it a malformed HTTP request and return a 400 response.

I think it would be beneficial to add an assertion to the mock responder to assert that the Host header is present. Drivers will benefit from this additional test coverage since the mock responder is synced to https://github.com/mongodb-labs/drivers-evergreen-tools/blob/master/.evergreen/ocsp/mock_ocsp_responder.py



 Comments   
Comment by Githook User [ 04/Aug/20 ]

Author:

{'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@10gen.com', 'username': 'shreyaskalyan'}

Message: SERVER-49383 Assert that Host header is present in OCSP responder

(cherry picked from commit af43724d0602075993a181955b96f7854dc4f698)
Branch: v4.4
https://github.com/mongodb/mongo/commit/ebf2446b528d20c237f3525367b5a06e13d18bb4

Comment by Githook User [ 09/Jul/20 ]

Author:

{'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@10gen.com', 'username': 'shreyaskalyan'}

Message: SERVER-49383 Assert that Host header is present in OCSP responder
Branch: master
https://github.com/mongodb/mongo/commit/af43724d0602075993a181955b96f7854dc4f698

Generated at Thu Feb 08 05:19:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.