Core Server / SERVER-13612

SSL-enabled server appears to not be sending the list of supported certificate issuers to the client

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Fix Version/s: 2.6.2, 2.7.0
    • Affects Version/s: 2.6.0
    • Component/s: Security
    • Labels: None
    • ALL
      mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt

      If a client has more than one key available for an SSL handshake with mutual authentication, it has two means available to choose which one to send to the server:

      1. the list of key types supported by the server (e.g., RSA, DSA)
      2. the list of supported certificate issuers

      The client should send a key only if it is one of the types listed, and issued by one of the issuers listed.

      It appears that the server is not sending the client the list of certificate issuers.
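One way to confirm the symptom from a captured handshake is to decode the server's CertificateRequest body and check whether its issuer list is empty. This is an added example, not part of the original report or MongoDB's code: it assumes the TLS 1.2 layout from RFC 5246 section 7.4.4 (pass `tls12=False` for the TLS 1.0/1.1 layout), the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

# ClientCertificateType names from RFC 5246, section 7.4.4
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 64: "ecdsa_sign"}

def parse_certificate_request(body: bytes, tls12: bool = True) -> dict:
    """Parse a CertificateRequest body (4-byte handshake header already removed)."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated CertificateRequest")
        pos += n
        return body[pos - n:pos]

    def take_u16() -> int:
        return struct.unpack("!H", take(2))[0]

    # certificate_types: the key types the server accepts (item 1 in the report)
    key_types = [CERT_TYPES.get(t, f"unknown({t})") for t in take(take(1)[0])]
    # supported_signature_algorithms exists only in TLS 1.2
    sig_algs = take(take_u16()) if tls12 else b""
    # certificate_authorities: acceptable issuers (item 2 in the report)
    ca_len = take_u16()
    ca_end = pos + ca_len
    if ca_end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    issuers = []
    while pos < ca_end:
        dn = take(take_u16())  # one DER-encoded DistinguishedName
        if not dn:
            raise ValueError("empty DistinguishedName")
        issuers.append(dn)
    return {"key_types": key_types,
            "sig_algs": [tuple(sig_algs[i:i + 2]) for i in range(0, len(sig_algs), 2)],
            "issuers": issuers}

def issuer_list_missing(body: bytes, tls12: bool = True) -> bool:
    """True when the server sent no acceptable-issuer hints (the reported symptom)."""
    return not parse_certificate_request(body, tls12)["issuers"]

# Constructed sample data: DER Name for CN=Example CA, and two message bodies.
EXAMPLE_DN = bytes.fromhex("30153113301106035504030c0a") + b"Example CA"
PREFIX = bytes([2, 1, 2]) + b"\x00\x02\x04\x01"  # rsa_sign, dss_sign; sha256+rsa
WITH_ISSUERS = PREFIX + struct.pack("!HH", len(EXAMPLE_DN) + 2, len(EXAMPLE_DN)) + EXAMPLE_DN
WITHOUT_ISSUERS = PREFIX + b"\x00\x00"

if __name__ == "__main__":
    for name, body in (("with", WITH_ISSUERS), ("without", WITHOUT_ISSUERS)):
        print(name, parse_certificate_request(body), issuer_list_missing(body))
```
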

            Assignee: Andreas Nilsson
            Reporter: Jeffrey Yemin