Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13612

SSL-enabled server appears to not be sending the list of supported certificate issuers to the client

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 2.6.0
    • 2.6.2, 2.7.0
    • Security
    • None
    • ALL
    • Hide

      mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt

      Show
      mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt

    Description

      If a client has more than one key available for an SSL handshake with mutual authentication, it has two means available to choose which one to send to the server:

      1. the list of key types supported by the server (e.g., RSA, DSA)
      2. the list of supported certificate issuers

      The client should send a key only if is is one of the types listed, and issued by one of the issuers listed.

      It appears that the server is not sending the client the list of certificate issuers.

      Attachments

        Activity

          People

            andreas.nilsson Andreas Nilsson
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: