Details
- Bug
- Resolution: Unresolved
- Major - P3
Description
Found by chris.cho, who included thorough repro data and code here:
https://gist.github.com/ccho-mongodb/67dc14a2344971619403982def475a8d
Per the auth spec, the username we're deriving from the client certificate should conform to:
```
openssl x509 -subject -nameopt RFC2253 -noout -inform PEM -in test-client.pem
```
On the client certificate provided in that gist, that command results in:
```
CN=Chris,OU=TestClientCertificateOrgUnit,O=EducationClientCertificate,L=TestClientCertificateLocality,ST=TestClientCertificateState,C=US
```
But the C driver on macOS derives the username as:
```
C=US,ST=TestClientCertificateState,L=TestClientCertificateLocality,O=EducationClientCertificate,OU=TestClientCertificateOrgUnit,CN=Chris
```
Which results in an authentication failure. As a workaround, the username can be provided explicitly.
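A diagnostic for the ordering mismatch described above, as an added example (not code from the C driver or the gist): it reverses the RDN order of a DN string and reports whether a derived username is the RFC 2253 subject in reverse. The names `dn_reverse_rdns` and `dn_compare` are hypothetical, and the code assumes backslash-escaped commas as in RFC 2253 string output, not legacy quoted values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write dn with its RDN order reversed into out.
 * Splits only on commas not escaped by a backslash. Returns 0, or -1 if
 * out is too small. */
int dn_reverse_rdns(const char *dn, char *out, size_t outlen)
{
    size_t len = strlen(dn), end = len, used = 0;
    if (outlen < len + 1) return -1;
    for (size_t i = len;; i--) {            /* scan right to left */
        int is_sep = 0;
        if (i > 0 && dn[i - 1] == ',') {
            size_t bs = 0;                  /* backslashes before the comma */
            while (i - 1 > bs && dn[i - 2 - bs] == '\\') bs++;
            is_sep = (bs % 2 == 0);         /* even count: real separator */
        }
        if (i == 0 || is_sep) {
            if (used) out[used++] = ',';
            memcpy(out + used, dn + i, end - i);
            used += end - i;
            if (i == 0) break;
            end = i - 1;                    /* next RDN ends before this comma */
        }
    }
    out[used] = '\0';
    return 0;
}

/* 0: identical; 1: derived is expected with RDN order reversed; -1: neither */
int dn_compare(const char *derived, const char *expected)
{
    char buf[1024];
    if (strcmp(derived, expected) == 0) return 0;
    if (dn_reverse_rdns(derived, buf, sizeof buf) == 0 &&
        strcmp(buf, expected) == 0) return 1;
    return -1;
}

int main(void)
{
    /* Both strings are the ones quoted in this issue. */
    const char *rfc2253 = "CN=Chris,OU=TestClientCertificateOrgUnit,O=EducationClientCertificate,L=TestClientCertificateLocality,ST=TestClientCertificateState,C=US";
    const char *derived = "C=US,ST=TestClientCertificateState,L=TestClientCertificateLocality,O=EducationClientCertificate,OU=TestClientCertificateOrgUnit,CN=Chris";
    printf("dn_compare: %d\n", dn_compare(derived, rfc2253));
    return 0;
}
```

A result of 1 from `dn_compare` identifies the reversed-subject case; the reversed string is then the value to pass as the explicit username in the workaround.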
Issue Links
- is related to
  - CDRIVER-1385 Secure Transport subject reversed (Closed)
  - CDRIVER-2940 Regenerate test certificates with SHA256 signatures (Closed)