SChannel client auth fails if server does not support SHA1

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Unknown
    • 2.1.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed
    • None
    • C Drivers
    • Needed
    • Hide

      1. What would you like to communicate to the user about this feature?

      The fix now imports persisted private keys into Windows stores. See Secure Channel key import for requested documentation.

      2. Would you like the user to see examples of the syntax and/or executable code and its output?

      See linked document.

      3. Which versions of the driver/connector does this apply to?

      C driver 2.1.0.

      Show
      1. What would you like to communicate to the user about this feature? The fix now imports persisted private keys into Windows stores. See Secure Channel key import for requested documentation. 2. Would you like the user to see examples of the syntax and/or executable code and its output? See linked document. 3. Which versions of the driver/connector does this apply to? C driver 2.1.0.
    • None
    • None
    • None
    • None
    • None
    • None

      Summary

      The C driver built with Secure Channel (default on Windows) fails to auth with MONGODB-X509 to a server not accepting RSA+SHA1 signature.

      Workarounds

      Build C driver with OpenSSL (using the CMake option -DENABLE_SSL=OPENSSL). This requires obtaining OpenSSL separately.

        1. cloud-prod.png
          cloud-prod.png
          30 kB

              Assignee:
              Kevin Albertson
              Reporter:
              Kevin Albertson
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: