[SERVER-13612] SSL-enabled server appears to not be sending the list of supported certificate issuers to the client - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.6.2, 2.7.0
Component/s: Security
Labels:
None

Operating System:
ALL
Backport Completed:

2.6.2
Steps To Reproduce:

Hide

mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt

Show
mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt

Description

If a client has more than one key available for an SSL handshake with mutual authentication, it has two means available to choose which one to send to the server:

the list of key types supported by the server (e.g., RSA, DSA)
the list of supported certificate issuers

The client should send a key only if is is one of the types listed, and issued by one of the issuers listed.

It appears that the server is not sending the client the list of certificate issuers.

Attachments

Activity

People

Assignee:: Andreas Nilsson

Reporter:: Jeffrey Yemin

Participants:: Andreas Nilsson, Githook User, Jeffrey Yemin

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: Apr 16 2014 03:48:36 PM UTC

Updated:: Jul 11 2016 05:18:20 PM UTC

Resolved:: Apr 22 2014 07:04:28 PM UTC