  1. Core Server
  2. SERVER-14709

Server should explicitly disallow usage of X509 authentication without specifying CA

    Details

    • Operating System:
      ALL

      Description

      SSLManager::parseAndValidatePeerCertificate returns "" if no CAfile is provided, so the X509 subj is not extracted and you won't be able to authenticate.

      The "There is no x.509 client certificate matching the user." error will be thrown.

      UPD: Apparently our position is that we don't want people to use X509 without specifying a CA, because we don't know if we can trust the certificate provided.
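
The startup check this ticket asks for, sketched as an added example (not MongoDB's actual code). `StartupOptions`, `parseOptions`, `usesX509` and `validateX509Options` are hypothetical names and the error text is made up for the example; the only real identifiers are the mongod options `--sslCAFile`, `--clusterAuthMode` and `--setParameter authenticationMechanisms=MONGODB-X509`.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical option holder for this example; the fields mirror the mongod
// flags --sslCAFile, --clusterAuthMode and --setParameter authenticationMechanisms.
struct StartupOptions {
    std::string sslCAFile;
    std::string clusterAuthMode = "keyFile";  // assumed default for the example
    std::string authenticationMechanisms;     // comma-separated list
};

// Parse "--flag value" pairs from an argv-style vector.
StartupOptions parseOptions(const std::vector<std::string>& args) {
    StartupOptions o;
    const std::string mechKey = "authenticationMechanisms=";
    for (std::size_t i = 0; i + 1 < args.size(); ++i) {
        const std::string& v = args[i + 1];
        if (args[i] == "--sslCAFile") o.sslCAFile = v;
        else if (args[i] == "--clusterAuthMode") o.clusterAuthMode = v;
        else if (args[i] == "--setParameter" && v.compare(0, mechKey.size(), mechKey) == 0)
            o.authenticationMechanisms = v.substr(mechKey.size());
    }
    return o;
}

// True if any configured path would authenticate a peer by certificate subject.
bool usesX509(const StartupOptions& o) {
    if (o.clusterAuthMode != "keyFile") return true;  // sendKeyFile, sendX509, x509
    std::stringstream ss(o.authenticationMechanisms);
    for (std::string mech; std::getline(ss, mech, ',');)
        if (mech == "MONGODB-X509") return true;
    return false;
}

// Returns "" when the options are acceptable, otherwise a startup error, so
// the misconfiguration fails at launch instead of at the first login attempt.
std::string validateX509Options(const StartupOptions& o) {
    if (usesX509(o) && o.sslCAFile.empty())
        return "X509 authentication requires a CA file (--sslCAFile)";
    return "";
}
```

Without a check like this, the server starts normally and the problem only surfaces later as the "There is no x.509 client certificate matching the user." error quoted above.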


              People

              Assignee:
              spencer.jackson Spencer Jackson
              Reporter:
              alex.komyagin Alexander Komyagin
              Votes:
              0
              Watchers:
              7