<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:10:28 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-737] SCRAM-SHA-1 should not depend on openssl</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-737</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;May be required in 1.2 to support Phongo.&lt;/p&gt;

&lt;p&gt;Currently authenticating using the MongoDB default SCRAM-SHA-1 authentication mechanism requires compiling the driver against OpenSSL using &apos;--enable-ssl&apos;.&lt;/p&gt;

&lt;p&gt;This means, if you don&apos;t compile with --enable-ssl you will not be able to login to recent MongoDB versions, and will fail with:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The authentication mechanism &quot;SCRAM-SHA-1&quot; is not supported.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;(which I was sure was coming from the server &lt;b&gt;sigh&lt;/b&gt;).&lt;/p&gt;

&lt;p&gt;See: &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/blob/f35fa646779f79c616f04d2323e695d20be8f6a1/src/mongoc/mongoc-cluster.c#L1001-L1018&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/blob/f35fa646779f79c616f04d2323e695d20be8f6a1/src/mongoc/mongoc-cluster.c#L1001-L1018&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I think the docs need to updated to mention that building against OpenSSL is required for authentication as-is, and in the future we should probably vendor in things we need to not rely on OpenSSL.&lt;/p&gt;


&lt;p&gt;This also causes a lot of test failures all over the place :]&lt;/p&gt;</description>
                <environment></environment>
        <key id="215731">CDRIVER-737</key>
            <summary>SCRAM-SHA-1 should not depend on openssl</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="bjori">Hannes Magnusson</assignee>
                                    <reporter username="bjori">Hannes Magnusson</reporter>
                        <labels>
                    </labels>
                <created>Wed, 8 Jul 2015 21:53:15 +0000</created>
                <updated>Wed, 13 Apr 2016 22:17:34 +0000</updated>
                            <resolved>Wed, 13 Apr 2016 22:17:34 +0000</resolved>
                                                    <fixVersion>1.4.0</fixVersion>
                                    <component>libmongoc</component>
                    <component>tls</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="1235270" author="bjori" created="Wed, 13 Apr 2016 22:17:34 +0000"  >&lt;p&gt;mongoc 1.4.0 supports native crypto libraries on Windows and OSX.&lt;br/&gt;
On *nix it requires libcrypto.&lt;/p&gt;</comment>
                            <comment id="966292" author="behackett" created="Wed, 15 Jul 2015 00:37:13 +0000"  >&lt;p&gt;Perhaps the way forward would be to just always build support for TLS? That would require native TLS support on OSX (&lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-520&quot; title=&quot;Add support for native TLS on OSX (Secure Transport)&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-520&quot;&gt;&lt;del&gt;CDRIVER-520&lt;/del&gt;&lt;/a&gt;) and Windows (&lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-744&quot; title=&quot;Add support for native TLS on Windows (Secure Channel)&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-744&quot;&gt;&lt;del&gt;CDRIVER-744&lt;/del&gt;&lt;/a&gt;). The patches related to those two tickets implement both TLS &lt;b&gt;and&lt;/b&gt; SCRAM-SHA-1 using OS native crypto APIs.&lt;/p&gt;</comment>
                            <comment id="965194" author="xgen-internal-githook" created="Tue, 14 Jul 2015 00:09:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;bjori&apos;, u&apos;name&apos;: u&apos;Hannes Magnusson&apos;, u&apos;email&apos;: u&apos;bjori@php.net&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-737&quot; title=&quot;SCRAM-SHA-1 should not depend on openssl&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-737&quot;&gt;&lt;del&gt;CDRIVER-737&lt;/del&gt;&lt;/a&gt;: Improve SCRAM-SHA-1 failure message&lt;br/&gt;
Branch: 1.2.0-dev&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/365c53feafb15b1adc7f0b511d87f4069cd201a2&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/365c53feafb15b1adc7f0b511d87f4069cd201a2&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="961623" author="jesse" created="Wed, 8 Jul 2015 22:07:09 +0000"  >&lt;p&gt;Thanks for figuring this out!&lt;/p&gt;

&lt;p&gt;I propose we update the error message and docs in 1.2 to say clearly that the problem is, you can&apos;t auth against MongoDB 3.0+ if not configured with --enable-ssl.&lt;/p&gt;

&lt;p&gt;If this seems to be a problem for people we can vendor in the algorithms (HMAC and SHA-1?) required to do SCRAM-SHA-1 without OpenSSL. Let&apos;s see how this interacts with plans to support native TLS implementations on Mac and Windows. If those libraries provide HMAC and SHA-1 implementations, then we can rely on the native TLS library to help support SCRAM-SHA-1 everywhere, without being much burden on users.&lt;/p&gt;

&lt;p&gt;If they do not provide HMAC and SHA-1, that&apos;s an additional argument for shipping our own implementation of those algorithms.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="181659">CDRIVER-520</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="216931">CDRIVER-744</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>CDRIVER-749</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrdejr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="865">C Driver 2016 sprint 1</customfieldvalue>
    <customfieldvalue id="894">C Driver 2016 sprint 2</customfieldvalue>
    <customfieldvalue id="918">C Driver 2016 sprint 3</customfieldvalue>
    <customfieldvalue id="959">C Driver 2016 sprint 4</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>