<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:24:52 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2158] Forbid conflicting tlsInsecure options in URI spec</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2158</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;p&gt;In the URI options spec, we define &lt;a href=&quot;https://github.com/mongodb/specifications/blob/master/source/uri-options/uri-options.rst#conflicting-tls-options&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;a few provisions&lt;/a&gt; about raising errors when TLS-related options are ambiguous in order to mitigate the risk that a user runs their application with unintended TLS behavior. One of these provisions requires that errors be raised if there are conflicting values for the &lt;tt&gt;tls&lt;/tt&gt;/&lt;tt&gt;ssl&lt;/tt&gt; option. When implementing the spec for C#, Dima pointed out that we don&apos;t define a similar provision for if &lt;tt&gt;tlsInsecure&lt;/tt&gt; is provided more than once with conflicting values (and likewise for &lt;tt&gt;tlsAllowInvalidHostnames&lt;/tt&gt; and &lt;tt&gt;tlsAllowInvalidCertificates&lt;/tt&gt;. I think that we should add provisions to the spec indicating that each of these options can&apos;t have both &lt;tt&gt;true&lt;/tt&gt; and &lt;tt&gt;false&lt;/tt&gt; set for them if they appear multiple times (using similar language to the provision for &lt;tt&gt;tls&lt;/tt&gt; and &lt;tt&gt;ssl&lt;/tt&gt;.&lt;/p&gt;</description>
                <environment></environment>
        <key id="828306">DRIVERS-2158</key>
            <summary>Forbid conflicting tlsInsecure options in URI spec</summary>
                <type id="14901" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14700&amp;avatarType=issuetype">Spec Change</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="10038" iconUrl="https://jira.mongodb.org/images/icons/subtask.gif" description="">Backlog</status>
                    <statusCategory id="2" key="new" colorName="default"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="sam.rossi@mongodb.com">Samuel Rossi</reporter>
                        <labels>
                    </labels>
                <created>Fri, 28 Jun 2019 19:44:42 +0000</created>
                <updated>Thu, 31 Mar 2022 14:07:50 +0000</updated>
                                                                <component>URI Options</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="2307052" author="sam.rossi" created="Mon, 1 Jul 2019 16:07:49 +0000"  >&lt;p&gt;Yes, this is specifically related to an existing section in the URI options spec that I&apos;d like to add a couple more clauses to&lt;/p&gt;</comment>
                            <comment id="2307047" author="ian@10gen.com" created="Mon, 1 Jul 2019 16:06:29 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=sam.rossi&quot; class=&quot;user-hover&quot; rel=&quot;sam.rossi&quot;&gt;sam.rossi&lt;/a&gt; can you please confirm this is relevant to URI Options (as opposed to connection strings).&lt;/p&gt;</comment>
                            <comment id="2305342" author="sam.rossi" created="Fri, 28 Jun 2019 20:10:35 +0000"  >&lt;p&gt;Sounds good! I don&apos;t think there&apos;s any desire to turn non-TLS related instances of repeated values into errors; we added the existing provisions solely out of security concerns, and the new ones I suggest here are similarly just scoped to instances where I think security concerns are warranted.&lt;/p&gt;</comment>
                            <comment id="2305333" author="rstam" created="Fri, 28 Jun 2019 20:03:50 +0000"  >&lt;p&gt;In the C# driver we have always had the rule that when a key is repeated the last value simply overwrites any earlier values.&lt;/p&gt;

&lt;p&gt;I was actually unaware that any other driver might do something different, or that the spec said this was unambiguous.&lt;/p&gt;

&lt;p&gt;It&apos;s rather annoying to have to write extra code to detect multiple values (and even slightly tricky since it&apos;s not multiple values per se that&apos;s specified as invalid, only multiple conflicting values).&lt;/p&gt;

&lt;p&gt;We will implement the convoluted error checking for &lt;tt&gt;tls&lt;/tt&gt;&#160;related options, but will not make any changes to existing options that currently implement last one wins.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|huyls7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>