Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-2212

X509 auth can fail on macOS 10.12 with Secure Transport

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.8.0
    • Affects Version/s: None
    • Component/s: auth, tls
    • None

      On my macOS 10.12 machine, test_extract_subject fails consistently. It should parse the test certificate and extract its subject, producing this string:

      "C=US,ST=California,L=Palo Alto,O=MongoDB,OU=Drivers,CN=server"

      Instead, it produces:

      "C=(null),ST=(null),L=(null) Alto,O=(null),OU=(null),CN=(null)"

      The failure occurs when the the driver tries to get a C string pointer from the Core Foundation string reference:

      CFStringGetCStringPtr (str, CFStringGetFastestEncoding (str));

      For some reason that returns NULL on my machine. I've found a similar unresolved bug report on StackOverflow.

      Making an ASCII-decoded copy of the string is slower and more complicated but works reliably, I think the performance hit is insignificant:

      CFStringEncoding encoding = kCFStringEncodingASCII;
      CFIndex maxSize = CFStringGetMaximumSizeForEncoding (length, encoding) + 1;
      char *cs = bson_malloc ((size_t) maxSize);
      CFStringGetCString (str, cs, maxSize, encoding);

            jesse@mongodb.com A. Jesse Jiryu Davis
            jesse@mongodb.com A. Jesse Jiryu Davis
            0 Vote for this issue
            1 Start watching this issue