  1. Core Server
  2. SERVER-13612

SSL-enabled server appears to not be sending the list of supported certificate issuers to the client

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.6.2, 2.7.0
    • Component/s: Security
    • Labels:
      None
    • Operating System:
      ALL
    • Backport Completed:
    • Steps To Reproduce:
      mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt


      Description

      If a client has more than one key available for an SSL handshake with mutual authentication, it has two means available to choose which one to send to the server:

      1. the list of key types supported by the server (e.g., RSA, DSA)
      2. the list of supported certificate issuers

      The client should send a key only if it is one of the types listed, and issued by one of the issuers listed.

      It appears that the server is not sending the client the list of certificate issuers.
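
The selection rule in the description, as an added example (not from the ticket or from MongoDB's code): it parses a TLS 1.2 CertificateRequest body (RFC 5246, section 7.4.4) and filters a client's certificates by listed key type and listed issuer, once with an issuer list and once with an empty one. All function names, CA names, wallet entries and message bytes are hypothetical and constructed for the illustration.

```python
import struct

CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 64: "ecdsa_sign"}  # ClientCertificateType, RFC 5246 7.4.4

def parse_certificate_request(body: bytes):
    """Return (key types, signature algorithms, issuer DNs) from a TLS 1.2 CertificateRequest body."""
    n, pos = body[0], 1
    types = [CERT_TYPES.get(b, f"unknown({b})") for b in body[pos:pos + n]]
    pos += n
    (n,) = struct.unpack_from("!H", body, pos)
    sig_algs = [tuple(body[i:i + 2]) for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    (n,) = struct.unpack_from("!H", body, pos)
    pos, end, issuers = pos + 2, pos + 2 + n, []
    while pos < end:  # each entry: 2-byte length, then a DER-encoded DistinguishedName
        (dn_len,) = struct.unpack_from("!H", body, pos)
        issuers.append(body[pos + 2:pos + 2 + dn_len])
        pos += 2 + dn_len
    if pos != end or end != len(body):
        raise ValueError("malformed CertificateRequest")
    return types, sig_algs, issuers

def select_candidates(types, issuers, wallet):
    """Filter by listed key type and listed issuer; an empty issuer list constrains nothing (RFC 5246)."""
    return [label for label, key_type, issuer in wallet
            if key_type in types and (not issuers or issuer in issuers)]

def dn(cn: str) -> bytes:
    """Constructed minimal DER Name holding one CN attribute (short-form lengths only)."""
    atv = b"\x30" + bytes([7 + len(cn)]) + b"\x06\x03\x55\x04\x03\x0c" + bytes([len(cn)]) + cn.encode()
    return b"\x30" + bytes([len(atv) + 2]) + b"\x31" + bytes([len(atv)]) + atv

def build_request(type_ids, sig_algs, issuers):  # encodes a constructed message body for the demo
    sa = b"".join(bytes(p) for p in sig_algs)
    cas = b"".join(struct.pack("!H", len(d)) + d for d in issuers)
    return bytes([len(type_ids), *type_ids]) + struct.pack("!H", len(sa)) + sa + struct.pack("!H", len(cas)) + cas

CORP_CA, OTHER_CA = dn("Corp Client CA"), dn("Other CA")  # constructed issuer names
WALLET = [("corp-rsa", "rsa_sign", CORP_CA), ("other-rsa", "rsa_sign", OTHER_CA),
          ("corp-dsa", "dss_sign", CORP_CA)]               # constructed client keys
WITH_CAS = build_request([1], [(4, 1)], [CORP_CA])  # server lists its client CA
NO_CAS = build_request([1], [(4, 1)], [])           # server sends an empty issuer list

def demo():
    result = {}
    for name, msg in (("with_issuers", WITH_CAS), ("empty_issuers", NO_CAS)):
        types, _sig_algs, issuers = parse_certificate_request(msg)
        result[name] = select_candidates(types, issuers, WALLET)
    return result
```

With the issuer list present the client is left with one candidate; with the empty list two RSA keys remain and the client cannot tell which one the server will accept.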
