@jamis jamis commented Aug 8, 2025

One more issue related to the OCSP stuff -- just a warning if the issuer certificate cannot be found. Copilot caught the lack of this check, and upon checking other drivers, Python (at least) takes the "warn and return" approach.

@Copilot Copilot AI review requested due to automatic review settings August 8, 2025 18:17
@jamis jamis requested a review from a team as a code owner August 8, 2025 18:17
@jamis jamis requested a review from comandeo-mongo August 8, 2025 18:17

@Copilot Copilot AI left a comment

Pull Request Overview

This PR improves OCSP (Online Certificate Status Protocol) verification by gracefully handling cases where the issuer certificate cannot be found in the certificate chain. The change adds proper error handling with a warning message and early return, following patterns established in other MongoDB drivers like Python.

  • Adds the Loggable module to enable warning logging
  • Implements graceful handling when issuer certificate is not found during OCSP verification
  • Refactors the early return condition for better readability
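
The "warn and return" behaviour described in this thread, combined with the order-independent issuer lookup from the linked commit, sketched as an added example that is not the driver's own code. The helper names, the warning text and the array used in place of a logger are assumptions, and the certificate chain is constructed sample data.

```ruby
require 'openssl'

# Builds a constructed sample certificate; self-signed when no issuer is given.
def make_cert(cn, serial, key, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical helper: look for the issuer anywhere in the chain instead of
# assuming a fixed position. A name match alone is not trusted; the
# candidate's key must also verify the certificate's signature.
def find_issuer(cert, chain)
  chain.find { |c| c.subject.eql?(cert.issuer) && cert.verify(c.public_key) }
end

# Hypothetical helper: returns the OCSP certificate ID to query, or records a
# warning and returns nil when the issuer certificate is not in the chain.
def ocsp_cert_id(cert, chain, warnings)
  issuer = find_issuer(cert, chain)
  if issuer.nil?
    warnings << "OCSP check skipped for #{cert.subject}: issuer certificate not found in chain"
    return nil
  end
  OpenSSL::OCSP::CertificateId.new(cert, issuer)
end

# Constructed sample chain: root -> intermediate -> leaf.
def sample_chain
  root_key, inter_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = make_cert('Example Root', 1, root_key)
  inter = make_cert('Example Intermediate', 2, inter_key, root, root_key)
  leaf = make_cert('db.example.test', 3, leaf_key, inter, inter_key)
  [leaf, inter, root]
end

if __FILE__ == $PROGRAM_NAME
  leaf, inter, root = sample_chain
  log = []
  p ocsp_cert_id(leaf, [root, leaf, inter], log) # issuer found despite ordering
  p ocsp_cert_id(leaf, [leaf, root], log)        # issuer missing: nil plus warning
  puts log
end
```

Returning without an OCSP result means revocation was not checked for that connection, so the warning is the only signal operators get; it is worth alerting on in log pipelines.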

@jamis jamis merged commit 8043444 into mongodb:master Aug 8, 2025
196 of 202 checks passed
@jamis jamis deleted the 3694-ocsp-issuer-condition branch August 8, 2025 19:59
jamis added a commit to jamis/mongo-ruby-driver that referenced this pull request Aug 8, 2025
jamis added a commit that referenced this pull request Aug 19, 2025
* RUBY-3694 Use correct CA when verifying OCSP endpoint (#2944)

* use the next cert in the chain as the CA when verifying OCSP

* don't assume the issuer is at a particular position in the chain

* Fix incorrect method description

* https for submodules

* fix submodule syntax

* update test configuration

* bump drivers-evergreen-tools for DB version lookups

* allow prepare_server to compute the distro in the format it needs

* more evergreen config tweaks

* more test tweaks

* fix broken resolver specs

* don't try to use mock_dns on ruby 2.7

* make sure and define the minimum_mri_version constraint

* use https to clone git repos

* maybe we need to skip sooner to avoid the around hooks...

* Gracefully handle the case where the issuer can't be found (#2946)

* no need to test against latest; 2.20.x only supports up to 7.0