Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13945

Match x.509 cluster certificates per attribute instead of substring comparison

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.6.1
    • Fix Version/s: 2.6.2, 2.7.1
    • Component/s: Security
    • Labels:
      None
    • Backport Completed:

      Description

      We currently assume certificate subject distinguished names are on the form:

      CN=andreas.my, OU=Developers, O=MongoDB C=US

      and use a simple substring comparison to determine if the organizational part of the DN is matching. To make the comparison more resilient we should instead parse the DN and match the relevant attributes O, OU, DC that together makes up the cluster id.

      Originally we wanted to match C but that might possibly break geo-clusters.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: