[CDRIVER-1964] Windows CA stores should be opened with read-only flag - MongoDB Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical - P2
Resolution: Fixed
Affects Version/s: 1.5.1
Fix Version/s: 1.5.2
Component/s: libmongoc
Labels:
None
Environment:
OpenSSL on Windows

Description

In the absence of a ca_file or ca_dir, libmongoc falls back to loading the system CA store on Windows via _mongoc_openssl_import_cert_stores(). This should incorporate CERT_STORE_READONLY_FLAG in case the current user does not have full access to the store.

Hannes Magnusson already has a patch for this in mongodb/mongo-php-library#313, which also improves error reporting should the CA store still fail to open properly.

Attachments

Issue Links

is depended on by

PHPC-881 Windows CA stores should be opened with read-only flag

Closed

related to

SERVER-27592 Windows Certificate Store must be opened read-only

Closed

TOOLS-2158 mongodump failing on Windows with "error opening system CA store: Access is denied."

Closed

links to

mongodb/mongo-php-library#313

Activity

People

Assignee:: Hannes Magnusson

Reporter:: Jeremy Mikola

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: Dec 21 2016 08:49:04 PM UTC

Updated:: Nov 21 2018 09:49:52 PM UTC

Resolved:: Jan 06 2017 10:07:48 PM UTC