You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: source/connect/tls.txt
-21Lines changed: 0 additions & 21 deletions
Original file line number
Diff line number
Diff line change
@@ -151,7 +151,6 @@ by the cmake flag ``ENABLE_SSL``, which is set to ``AUTO`` by default. This flag
151
151
152
152
- ``AUTO``: Links to the system's native TLS library, or attempts to find OpenSSL. This is the default value.
153
153
- ``OPENSSL``: Links to OpenSSL (libssl). An optional install path may be specified with ``OPENSSL_ROOT``.
154
-
- ``LIBRESSL`` (Deprecated): Links to LibreSSL's libtls. You can link to LibreSSL's compatible libssl by setting ``OPENSSL``.
155
154
- ``WINDOWS``: Links to Secure Channel, the native TLS library on Windows.
156
155
- ``DARWIN``: Links to Secure Transport, the native TLS library on macOS.
157
156
- ``OFF``: Disables TLS support.
@@ -182,26 +181,6 @@ The Online Certificate Status Protocol (OCSP) is fully supported
182
181
when using OpenSSL 1.0.1+. However, when a ``crl_file`` is set with `mongoc_ssl_opt_t <{+api-libmongoc+}/mongoc_ssl_opt_t.html>`__ and the ``crl_file`` revokes
183
182
the server's certificate, the certificate is considered revoked, even if the certificate has a valid stapled OCSP response.
184
183
185
-
.. tip::
186
-
187
-
For more information about OCSP, see `RFC 6960 <https://tools.ietf.org/html/rfc6960>`__.
188
-
189
-
LibreSSL / libtls (Deprecated)
190
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
191
-
192
-
The MongoDB C Driver supports LibreSSL through the use of OpenSSL compatibility checks when configured to compile against
193
-
``openssl``. It also supports the new ``libtls`` library when configured to build against ``libressl``.
194
-
195
-
When compiled with LibreSSL, the ``crl_file`` option of a `mongoc_ssl_opt_t <{+api-libmongoc+}/mongoc_ssl_opt_t.html>`__ is not supported,
196
-
and will issue an error if used. Setting ``tlsDisableOCSPEndpointCheck`` and ``tlsDisableCertificateRevocationCheck`` has no effect.
197
-
198
-
The Online Certificate Status Protocol (OCSP) is partially supported
199
-
with the following notes:
200
-
201
-
- Must-Staple extension (see `RFC 7633 <https://tools.ietf.org/html/rfc7633>`__) is ignored
202
-
- Connection will continue if a Must-Staple certificate is presented without a stapled response and the OCSP responder is down
203
-
- Connection will not continue if the client receives a revoked response from an OCSP responder
204
-
205
184
.. tip::
206
185
207
186
For more information about OCSP, see `RFC 6960 <https://tools.ietf.org/html/rfc6960>`__.
0 commit comments