<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:11:44 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-1157] Verify certificates during handshake</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-1157</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;Our current TLS abstraction does certificate verification as a completely seperate step after TLS handshake.&lt;/p&gt;

&lt;p&gt;This is very risky business and resulted in &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-1154&quot; title=&quot;Missing Certificate Verification on reconnect&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-1154&quot;&gt;&lt;del&gt;CDRIVER-1154&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The protocol says you should do the certificate (and therefore hostname!) check during the handshake.&lt;br/&gt;
This has the added benefit of failed check will result in an tls alert which mongod will log, over the just random closed connection.&lt;/p&gt;</description>
                <environment></environment>
        <key id="272441">CDRIVER-1157</key>
            <summary>Verify certificates during handshake</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="bjori">Hannes Magnusson</assignee>
                                    <reporter username="bjori">Hannes Magnusson</reporter>
                        <labels>
                    </labels>
                <created>Mon, 14 Mar 2016 23:24:14 +0000</created>
                <updated>Wed, 10 Aug 2016 22:10:44 +0000</updated>
                            <resolved>Wed, 23 Mar 2016 20:08:26 +0000</resolved>
                                                    <fixVersion>1.4.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="1213038" author="xgen-internal-githook" created="Wed, 23 Mar 2016 20:06:59 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;bjori&apos;, u&apos;name&apos;: u&apos;Hannes Magnusson&apos;, u&apos;email&apos;: u&apos;bjori@php.net&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-1157&quot; title=&quot;Verify certificates during handshake&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-1157&quot;&gt;&lt;del&gt;CDRIVER-1157&lt;/del&gt;&lt;/a&gt;: Verify certificates during handshake&lt;/p&gt;

&lt;p&gt;This simplifies the OpenSSL code a lot, while this was already&lt;br/&gt;
the case in Secure Transport&lt;/p&gt;

&lt;p&gt;Note that the previous functions have been deprecated and&lt;br/&gt;
always return false now.&lt;br/&gt;
We cannot remove them due to ABI, but there is no chance&lt;br/&gt;
a user of the driver would have been calling them intentionally&lt;br/&gt;
since he would have to get a hold of the stream between&lt;br/&gt;
us creating it, and before we even run ismaster on it.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/8e0a6f53e3443259264ef5034ad40139afaace10&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/8e0a6f53e3443259264ef5034ad40139afaace10&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="272436">CDRIVER-1155</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="271671">CDRIVER-1154</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>CDRIVER-1156</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsjetj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>