<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:18:53 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-3739] Add five second timeout to OCSP requests for OpenSSL</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-3739</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;An error due to unresponsive responders was observed here:&lt;br/&gt;
&lt;a href=&quot;https://evergreen.mongodb.com/task/mongo_c_driver_power8_ubuntu1604_authentication_tests_openssl_nosasl_23fd5f57ab3677a57c0acc4a341a33dc60073e3a_20_07_08_19_22_13&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://evergreen.mongodb.com/task/mongo_c_driver_power8_ubuntu1604_authentication_tests_openssl_nosasl_23fd5f57ab3677a57c0acc4a341a33dc60073e3a_20_07_08_19_22_13&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This caused a server selection timeout since it exceeded 30 seconds.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1405059">CDRIVER-3739</key>
            <summary>Add five second timeout to OCSP requests for OpenSSL</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Thu, 9 Jul 2020 14:01:36 +0000</created>
                <updated>Sat, 28 Oct 2023 11:28:42 +0000</updated>
                            <resolved>Tue, 14 Jul 2020 01:08:12 +0000</resolved>
                                                    <fixVersion>1.17.0-rc0</fixVersion>
                    <fixVersion>1.17.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="3283695" author="xgen-internal-githook" created="Tue, 14 Jul 2020 01:07:53 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3739&quot; title=&quot;Add five second timeout to OCSP requests for OpenSSL&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3739&quot;&gt;&lt;del&gt;CDRIVER-3739&lt;/del&gt;&lt;/a&gt; Add 5 second timeout to OCSP (#658)&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Reuse libmongoc&apos;s HTTP function instead of OCSP_sendreq_new&lt;/li&gt;
	&lt;li&gt;Support TLS in OCSP endpoint&lt;br/&gt;
Branch: r1.17&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/16adf5283ec1a8c506d5fd54d48fc76716bc3018&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/16adf5283ec1a8c506d5fd54d48fc76716bc3018&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="3283589" author="xgen-internal-githook" created="Mon, 13 Jul 2020 22:37:47 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3739&quot; title=&quot;Add five second timeout to OCSP requests for OpenSSL&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3739&quot;&gt;&lt;del&gt;CDRIVER-3739&lt;/del&gt;&lt;/a&gt; Add 5 second timeout to OCSP (#658)&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Reuse libmongoc&apos;s HTTP function instead of OCSP_sendreq_new&lt;/li&gt;
	&lt;li&gt;Support TLS in OCSP endpoint&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/f5b2f9557c6623b86a46e0db846ad0d233f93760&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/f5b2f9557c6623b86a46e0db846ad0d233f93760&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="3280921" author="kevin.albertson" created="Fri, 10 Jul 2020 22:46:33 +0000"  >&lt;p&gt;PR: &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/pull/658&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/pull/658&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3277868" author="kevin.albertson" created="Thu, 9 Jul 2020 16:29:52 +0000"  >&lt;p&gt;Observations:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;The failure is not consistent. Running another patch build shows a success.&lt;br/&gt;
&lt;a href=&quot;https://spruce.mongodb.com/task/mongo_c_driver_power8_ubuntu1604_authentication_tests_openssl_nosasl_patch_23fd5f57ab3677a57c0acc4a341a33dc60073e3a_5f072dc42a60ed522d0a51c8_20_07_09_14_46_43/logs&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://spruce.mongodb.com/task/mongo_c_driver_power8_ubuntu1604_authentication_tests_openssl_nosasl_patch_23fd5f57ab3677a57c0acc4a341a33dc60073e3a_5f072dc42a60ed522d0a51c8_20_07_09_14_46_43/logs&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;According to the logged message, the timeout occurs when connecting to &lt;tt&gt;ocsp.digicert.com&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;I can reproduce this locally with just one of the hosts returned in the SRV records:
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;./cmake-build-openssl-1.1.0/src/libmongoc/mongoc-ping &quot;mongodb://freecluster-shard-00-00-oztdp.mongodb-dev.net:27017/?retryWrites=true&amp;amp;connectTimeoutMS=30000&amp;amp;serverSelectionTryOnce=false&amp;amp;tlsCAFile=/certs/ca/digicert-global-root-ca.pem&quot;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;&lt;/li&gt;
	&lt;li&gt;Wireshark shows a failure to connect. I see the first SYN packet followed by a sequence of retransmissions (attached as connection-timeout.pcapng)&lt;/li&gt;
	&lt;li&gt;I can reproduce connectivity issues outside of libmongoc. &lt;tt&gt;curl ocsp.digicert.com&lt;/tt&gt; either returns immediately, or it hangs then prints &lt;tt&gt;curl: (7) Failed to connect to ocsp.digicert.com port 80: Operation timed out&lt;/tt&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Hypothesis: This indicates a flaky connectivity issue with the responders. Implementing the five second timeout (as is recommended in the spec) should fix tests.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>CDRIVER-3508</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hxgz4n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>