Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14709

Server should explicitly disallow usage of X509 authentication without specifying CA

    XMLWordPrintableJSON

Details

    • ALL

    Description

      SSLManager::parseAndValidatePeerCertificate returns "" if no CAfile provided, so X509 subj is not extracted and you won't able to authenticate.

      The "There is no x.509 client certificate matching the user." error will be thrown.

      UPD: Apparently our position is that we don't want people to use X509 without specifying a CA, because we don't know if we can trust the certificate provided.

      Attachments

        Activity

          People

            spencer.jackson@mongodb.com Spencer Jackson
            alex.komyagin@mongodb.com Alexander Komyagin
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: