Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13945

Match x.509 cluster certificates per attribute instead of substring comparison

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.6.2, 2.7.1
    • Affects Version/s: 2.6.1
    • Component/s: Security
    • Labels:
      None

      We currently assume certificate subject distinguished names are on the form:

      CN=andreas.my, OU=Developers, O=MongoDB C=US

      and use a simple substring comparison to determine if the organizational part of the DN is matching. To make the comparison more resilient we should instead parse the DN and match the relevant attributes O, OU, DC that together makes up the cluster id.

      Originally we wanted to match C but that might possibly break geo-clusters.

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: