CDRIVER-3668 support OCSP back to OpenSSL 1.0.1 #623
Merged
Commits on May 29, 2020
-
CDRIVER-3668 support OCSP back to OpenSSL 1.0.1
- change SSL_CTX_set_tlsext_status_type to SSL_set_tlsext_status_type. - polyfill SSL_get0_verified_chain, NID_tlsfeature, and hostname check. - check for status_request from the tlsfeature extension when inspecting peer certificate. - skip time check for older OpenSSL when updating cache entries. - perform the OCSP check after the handshake, since sometimes the peer certificate is not available in the callback in OpenSSL <= 1.0.2. - check tlsDisableOCSPEndpointCheck before reaching out to a responder. - make tlsDisableOCSPEndpointCheck and tlsDisableCertificateRevocationCheck URI options implicitly enable TLS. - enable OCSP tests on OpenSSL and macOS that were skipped. - add OCSP tests for OpenSSL 1.0.1. - update OCSP OpenSSL documentation. - change OCSP verification logs from MONGOC_DEBUG to TRACE in successful cases.
-
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.