<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:18:27 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-3579] Run TLS tests with certificate validation</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-3579</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;The test runner sets &lt;tt&gt;MONGOC_TEST_SSL_WEAK_CERT_VALIDATION&lt;/tt&gt; when running tests with SSL. As a result, we may not be exercising our certificate validation code much in tests. Let&apos;s try to improve this, and do full certificate validation when testing.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1282139">CDRIVER-3579</key>
            <summary>Run TLS tests with certificate validation</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="roberto.sanchez@mongodb.com">Roberto Sanchez</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Thu, 19 Mar 2020 14:36:27 +0000</created>
                <updated>Sat, 28 Oct 2023 11:28:51 +0000</updated>
                            <resolved>Thu, 23 Jul 2020 01:22:46 +0000</resolved>
                                                    <fixVersion>1.18.0</fixVersion>
                    <fixVersion>1.18.0-alpha</fixVersion>
                                    <component>tests</component>
                    <component>tls</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="3297955" author="xgen-internal-githook" created="Thu, 23 Jul 2020 01:20:12 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Roberto C. S&#225;nchez&apos;, &apos;email&apos;: &apos;roberto@connexer.com&apos;, &apos;username&apos;: &apos;rcsanchez97&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3579&quot; title=&quot;Run TLS tests with certificate validation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3579&quot;&gt;&lt;del&gt;CDRIVER-3579&lt;/del&gt;&lt;/a&gt; run TLS tests with certificate validation&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/e0b047dd69e9c02c815cb10a9675a534b254b998&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/e0b047dd69e9c02c815cb10a9675a534b254b998&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2991797" author="kevin.albertson" created="Mon, 23 Mar 2020 13:33:27 +0000"  >&lt;p&gt;As a note, it is possible the case that enabling certificate validation in tests may only require some changes to the test script run-tests.sh on RHEL 6.2.&lt;/p&gt;

&lt;p&gt;When enabling the test variant RHEL 6.2, TLS handshake failures occurred due to certificate validation failure: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3557&quot; title=&quot;Add evergreen testing with RHEL 6 &quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3557&quot;&gt;&lt;del&gt;CDRIVER-3557&lt;/del&gt;&lt;/a&gt;. run-tests.sh attempts to copy the CA cert to /usr/local/share/ca-certificates here: &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/blob/1.16.0/.evergreen/run-tests.sh/#L30-L39&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/blob/1.16.0/.evergreen/run-tests.sh/#L30-L39&lt;/a&gt;. That fails on RHEL 6.2 (&lt;a href=&quot;https://evergreen.mongodb.com/task_log_raw/mongo_c_driver_rhel62_test_4.0_server_auth_sasl_openssl_8e8ff55cedd261a27f0bde4346b31c69ef64ff33_20_03_20_19_15_51/0?type=T#L598&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;example&lt;/a&gt;), but succeeds on other variants (&lt;a href=&quot;https://evergreen.mongodb.com/task_log_raw/mongo_c_driver_arm_ubuntu1604_test_4.0_server_auth_sasl_openssl_8e8ff55cedd261a27f0bde4346b31c69ef64ff33_20_03_20_19_15_51/0?type=T#L576&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Example&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;Because of that, tests that were constructing a &lt;tt&gt;mongoc_client_t&lt;/tt&gt; from the test URI without calling &lt;tt&gt;test_framework_set_ssl_opts&lt;/tt&gt; were failing on RHEL 6.2, because they were not disabling certificate validation. Since those tests passed elsewhere, certificate validation was at least working on those tests on every other variant.&lt;/p&gt;

&lt;p&gt;Another note, &lt;tt&gt;test_framework_get_uri_str&lt;/tt&gt; includes&#160;&quot;ssl=true&quot; if any of the TLS test environment variables are set. But, it sets no other TLS options. Perhaps we should rethink that, since it&apos;s very easy to think that constructing a client with &lt;tt&gt;test_framework_get_uri_str&lt;/tt&gt; is equivalent to &lt;tt&gt;test_framework_client_new&lt;/tt&gt;, and the only difference will be that it lacks some TLS options, but still enables TLS.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1282147">CDRIVER-3580</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1222101">CDRIVER-3557</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hw8fsn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>