<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:10:47 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-842] Allow for more finegrained SSL connection control regarding invalid hostnames and invalid certificate flags</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-842</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;The mongo client has two options that deal with invalid/incorrect certificates:&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;  --sslAllowInvalidHostnames         allow connections to servers with &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                                     non-matching hostnames&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;  --sslAllowInvalidCertificates      allow connections to servers with invalid &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                                     certificates&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;But the C driver only has a flag in ssl_opts to turn off invalid certificate checking (weak_cert_validation): &lt;a href=&quot;http://api.mongodb.org/c/current/mongoc_ssl_opt_t.html&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://api.mongodb.org/c/current/mongoc_ssl_opt_t.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;PHP&apos;s SSL layer has something similar through its ``verify_peer_name`` and ``allow_self_signed`` SSL context options.&lt;/p&gt;

&lt;p&gt;This currently means, that by using the CDRIVER in Hippo, I can&apos;t make all tests pass, as the peer name (&quot;server&quot;) does not match the server name as in &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-841&quot; title=&quot;Improve SSL connection error messages&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-841&quot;&gt;&lt;del&gt;CDRIVER-841&lt;/del&gt;&lt;/a&gt;. I can turn on ``allow_self_signed`` to allow connecting, but that&apos;s more than I should be having to do. Allowing an extra option specifically for peer verification would be required to allow Hippo to past the Phongo tests.&lt;/p&gt;</description>
                <environment></environment>
        <key id="229803">CDRIVER-842</key>
            <summary>Allow for more finegrained SSL connection control regarding invalid hostnames and invalid certificate flags</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="bjori">Hannes Magnusson</assignee>
                                    <reporter username="derick">Derick Rethans</reporter>
                        <labels>
                            <label>intern2016</label>
                    </labels>
                <created>Tue, 15 Sep 2015 14:41:30 +0000</created>
                <updated>Wed, 10 Aug 2016 22:10:34 +0000</updated>
                            <resolved>Thu, 16 Jun 2016 03:12:23 +0000</resolved>
                                                    <fixVersion>1.4.0</fixVersion>
                                    <component>libmongoc</component>
                    <component>tls</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="1296045" author="jesse" created="Thu, 16 Jun 2016 00:48:00 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=bjori&quot; class=&quot;user-hover&quot; rel=&quot;bjori&quot;&gt;bjori&lt;/a&gt; is this ticket complete?&lt;/p&gt;</comment>
                            <comment id="1236415" author="xgen-internal-githook" created="Thu, 14 Apr 2016 21:02:59 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;bjori&apos;, u&apos;name&apos;: u&apos;Hannes Magnusson&apos;, u&apos;email&apos;: u&apos;bjori@php.net&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-842&quot; title=&quot;Allow for more finegrained SSL connection control regarding invalid hostnames and invalid certificate flags&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-842&quot;&gt;&lt;del&gt;CDRIVER-842&lt;/del&gt;&lt;/a&gt;: Add mongoc_ssl_opt_t.allow_invalid_hostname&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/c1fa41f9ed8b43a1931bfa6f2d166cd5aa71a660&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/c1fa41f9ed8b43a1931bfa6f2d166cd5aa71a660&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="267352">CDRIVER-1133</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="229791">CDRIVER-841</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrcyfr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="959">C Driver 2016 sprint 4</customfieldvalue>
    <customfieldvalue id="970">C Driver 2016 sprint 5</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>