<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:18:42 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-3668] Support OCSP in older OpenSSL versions</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-3668</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;Currently our OCSP implementation in OpenSSL requires version 1.1.1.&lt;/p&gt;

&lt;p&gt;We document minimum supported version of OpenSSL is 1.0.1. &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3562&quot; title=&quot;Investigate if we can bump minimum dependent OpenSSL&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3562&quot;&gt;&lt;del&gt;CDRIVER-3562&lt;/del&gt;&lt;/a&gt; has yet to determine whether we can bump this requirement, but we likely need to support back to at least 1.0.2.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1347983">CDRIVER-3668</key>
            <summary>Support OCSP in older OpenSSL versions</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Tue, 12 May 2020 13:04:23 +0000</created>
                <updated>Sat, 28 Oct 2023 11:28:46 +0000</updated>
                            <resolved>Fri, 5 Jun 2020 18:35:11 +0000</resolved>
                                                    <fixVersion>1.17.0-beta2</fixVersion>
                    <fixVersion>1.17.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="3192998" author="xgen-internal-githook" created="Fri, 5 Jun 2020 18:36:16 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3668&quot; title=&quot;Support OCSP in older OpenSSL versions&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3668&quot;&gt;&lt;del&gt;CDRIVER-3668&lt;/del&gt;&lt;/a&gt; fix ifdef around test&lt;br/&gt;
Branch: r1.17&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/72a1cf6d342d6e8031337dfff4830601507ee2c1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/72a1cf6d342d6e8031337dfff4830601507ee2c1&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3192997" author="xgen-internal-githook" created="Fri, 5 Jun 2020 18:36:14 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3668&quot; title=&quot;Support OCSP in older OpenSSL versions&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3668&quot;&gt;&lt;del&gt;CDRIVER-3668&lt;/del&gt;&lt;/a&gt; support OCSP back to OpenSSL 1.0.1 (#623)&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;change SSL_CTX_set_tlsext_status_type to SSL_set_tlsext_status_type.&lt;/li&gt;
	&lt;li&gt;polyfill SSL_get0_verified_chain, NID_tlsfeature, and hostname check.&lt;/li&gt;
	&lt;li&gt;check for status_request from the tlsfeature extension when inspecting peer certificate.&lt;/li&gt;
	&lt;li&gt;skip time check for older OpenSSL when updating cache entries.&lt;/li&gt;
	&lt;li&gt;perform the OCSP check after the handshake, since sometimes the peer certificate is not available in the callback in OpenSSL &amp;lt;= 1.0.2.&lt;/li&gt;
	&lt;li&gt;check tlsDisableOCSPEndpointCheck before reaching out to a responder.&lt;/li&gt;
	&lt;li&gt;make tlsDisableOCSPEndpointCheck and tlsDisableCertificateRevocationCheck URI options implicitly enable TLS.&lt;/li&gt;
	&lt;li&gt;enable OCSP tests on OpenSSL and macOS that were skipped.&lt;/li&gt;
	&lt;li&gt;add OCSP tests for OpenSSL 1.0.1.&lt;/li&gt;
	&lt;li&gt;update OCSP OpenSSL documentation.&lt;/li&gt;
	&lt;li&gt;change OCSP verification logs from MONGOC_DEBUG to TRACE in successful cases.&lt;br/&gt;
Branch: r1.17&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/1184f0236c468e17ba7ef79229bd17a0a7bc3e2a&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/1184f0236c468e17ba7ef79229bd17a0a7bc3e2a&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="3192994" author="xgen-internal-githook" created="Fri, 5 Jun 2020 18:34:54 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3668&quot; title=&quot;Support OCSP in older OpenSSL versions&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3668&quot;&gt;&lt;del&gt;CDRIVER-3668&lt;/del&gt;&lt;/a&gt; fix ifdef around test&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/500c40eda94b8709fc41ad0ecf257d6baccf36e8&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/500c40eda94b8709fc41ad0ecf257d6baccf36e8&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3192897" author="xgen-internal-githook" created="Fri, 5 Jun 2020 17:49:56 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3668&quot; title=&quot;Support OCSP in older OpenSSL versions&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3668&quot;&gt;&lt;del&gt;CDRIVER-3668&lt;/del&gt;&lt;/a&gt; support OCSP back to OpenSSL 1.0.1 (#623)&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;change SSL_CTX_set_tlsext_status_type to SSL_set_tlsext_status_type.&lt;/li&gt;
	&lt;li&gt;polyfill SSL_get0_verified_chain, NID_tlsfeature, and hostname check.&lt;/li&gt;
	&lt;li&gt;check for status_request from the tlsfeature extension when inspecting peer certificate.&lt;/li&gt;
	&lt;li&gt;skip time check for older OpenSSL when updating cache entries.&lt;/li&gt;
	&lt;li&gt;perform the OCSP check after the handshake, since sometimes the peer certificate is not available in the callback in OpenSSL &amp;lt;= 1.0.2.&lt;/li&gt;
	&lt;li&gt;check tlsDisableOCSPEndpointCheck before reaching out to a responder.&lt;/li&gt;
	&lt;li&gt;make tlsDisableOCSPEndpointCheck and tlsDisableCertificateRevocationCheck URI options implicitly enable TLS.&lt;/li&gt;
	&lt;li&gt;enable OCSP tests on OpenSSL and macOS that were skipped.&lt;/li&gt;
	&lt;li&gt;add OCSP tests for OpenSSL 1.0.1.&lt;/li&gt;
	&lt;li&gt;update OCSP OpenSSL documentation.&lt;/li&gt;
	&lt;li&gt;change OCSP verification logs from MONGOC_DEBUG to TRACE in successful cases.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/733322e98fdad8d4cf5fa2ce2f256d8e014ce51e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/733322e98fdad8d4cf5fa2ce2f256d8e014ce51e&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="3191347" author="kevin.albertson" created="Thu, 4 Jun 2020 21:56:40 +0000"  >&lt;p&gt;PR: &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/623&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/623&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1373769">CDRIVER-3707</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1255243">CDRIVER-3562</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>CDRIVER-3508</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hx845b:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>