Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDRIVER-5736 do not assert #1758

Merged
merged 2 commits into from
Oct 8, 2024
Merged

CDRIVER-5736 do not assert #1758

merged 2 commits into from
Oct 8, 2024

Conversation

kevinAlbs
Copy link
Collaborator

@kevinAlbs kevinAlbs commented Oct 8, 2024
edited
Loading

Follow-up to #1750 to fix failing Windows tasks.

The Windows hosts appear to have the expected CA file installed:

PS C:\Users\Administrator> Get-ChildItem -Recurse Cert:
(...)
Subject      : C=US, S=New York, L=New York City, O=MongoDB, OU=Drivers, CN=Drivers Testing CA

So no error is returned for the test.

Verified with this patch build.

vector-of-bool
vector-of-bool reviewed Oct 8, 2024
View reviewed changes
src/libmongoc/tests/test-mongoc-ssl.c
@@ -205,7 +205,7 @@ static void
test_non_existant_cafile (void)
{
mongoc_client_t *client = mongoc_client_new ("mongodb://localhost:27017/?tls=true&tlsCAFile=/nonexistant/ca.pem");
ASSERT (!mongoc_client_command_simple (client, "admin", tmp_bson ("{'ping': 1}"), NULL, NULL, NULL));
mongoc_client_command_simple (client, "admin", tmp_bson ("{'ping': 1}"), NULL, NULL, NULL);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this fail even if the Windows has the cert file? If the tlsCAFile names a non-existent file, then do we really want to fall back to the Windows cert store? And if so, should it fail anyway since the user is explicitly requesting a non-existing CA cert?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That may be a worthwhile later improvement. But at present, failure to load the CA file logs but does not propagate the error.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Filed CDRIVER-5747 to propose propagating TLS set-up errors. To unblock the 1.28.1 release, I would rather keep the behavior as-is for now (no worse than the status quo).

vector-of-bool
vector-of-bool approved these changes Oct 8, 2024
View reviewed changes
Copy link
Collaborator

@vector-of-bool vector-of-bool left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kevinAlbs kevinAlbs merged commit b6d64e5 into mongodb:master Oct 8, 2024
20 of 21 checks passed
kevinAlbs added a commit that referenced this pull request Oct 8, 2024
@kevinAlbs
CDRIVER-5736 do not assert (#1758)
06f176a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vector-of-bool vector-of-bool vector-of-bool approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kevinAlbs @vector-of-bool