Type: Improvement
Resolution: Unresolved
Priority: Minor - P4
Affects Version/s: None
Component/s: Replication
~/Sources/mongo/mongod --sslMode requireSSL --sslPEMKeyFile tests/x509gen/altname.pem --sslCAFile tests/x509gen/ca.pem --dbpath /data/rs1 --replSet foo
~/Sources/mongo/mongo --ssl --sslCAFile tests/x509gen/ca.pem --host localhost --sslPEMKeyFile tests/x509gen/client.pem
MongoDB shell version: 3.3.8-545-g4d826ac
connecting to: localhost:27017/test
MongoDB server version: 3.3.8-545-g4d826ac
Server has startup warnings:
> rs.initiate()
{
	"info2" : "no configuration specified. Using a default configuration for the set",
	"me" : "infant:27017",
	"ok" : 0,
	"errmsg" : "No host described in new configuration 1 for replica set foo maps to this node",
	"code" : 93
}
2016-07-18T13:07:38.611-0700 I COMMAND [conn2] initiate : no configuration specified. Using a default configuration for the set
2016-07-18T13:07:38.611-0700 I COMMAND [conn2] created this configuration for initiation : { _id: "foo", version: 1, members: [ { _id: 0, host: "infant:27017" } ] }
2016-07-18T13:07:38.611-0700 I REPL [conn2] replSetInitiate admin command received from client
2016-07-18T13:07:38.612-0700 I NETWORK [thread1] connection accepted from 127.0.0.1:34930 #5 (3 connections now open)
2016-07-18T13:07:38.620-0700 E NETWORK [conn5] SSL peer certificate validation failed: unsupported certificate purpose
2016-07-18T13:07:38.621-0700 I - [conn5] AssertionException handling request, closing client connection: 6 Recv failed
2016-07-18T13:07:38.621-0700 E NETWORK [conn2] The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 I - [conn5] end connection 127.0.0.1:34930 (2 connections now open)
2016-07-18T13:07:38.621-0700 W NETWORK [conn2] couldn't check isSelf (infant:27017) socket exception [CONNECT_ERROR] for The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 E REPL [conn2] replSet initiate got NodeNotFound: No host described in new configuration 1 for replica set foo maps to this node while validating { _id: "foo", version: 1, members: [ { _id: 0, host: "infant:27017" } ] }
Turns out, the certificate I had passed to mongod didn't match the hostname rs.initiate() defaulted to.
It would be nice if the error from the "check isSelf" sanity check had been propagated through to the client; it clearly said "The server certificate does not match the host name infant".
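Added example, not part of the original ticket and not MongoDB code: while the client only sees NodeNotFound, the underlying TLS cause can be recovered from the mongod log by pairing each REPL NodeNotFound error with the NETWORK errors and warnings logged earlier on the same connection context. The regular expressions, function names and result fields are assumptions derived from the log lines quoted above.

```python
import re

# mongod plain-text log line: timestamp, severity, component, [context], message
LINE_RE = re.compile(r"^(\S+)\s+([A-Z])\s+(\S+)\s+\[([^\]]+)\]\s+(.*)$")
MISMATCH_RE = re.compile(r"certificate does not match the host name (\S+)")

# Sample input: four of the log entries quoted in the ticket, one per line.
SAMPLE_LOG = """\
2016-07-18T13:07:38.620-0700 E NETWORK [conn5] SSL peer certificate validation failed: unsupported certificate purpose
2016-07-18T13:07:38.621-0700 E NETWORK [conn2] The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 W NETWORK [conn2] couldn't check isSelf (infant:27017) socket exception [CONNECT_ERROR] for The server certificate does not match the host name infant
2016-07-18T13:07:38.621-0700 E REPL [conn2] replSet initiate got NodeNotFound: No host described in new configuration 1 for replica set foo maps to this node while validating { _id: "foo", version: 1, members: [ { _id: 0, host: "infant:27017" } ] }
"""


def parse(log_text):
    """Yield (timestamp, severity, component, context, message) per log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()


def explain_initiate_failures(log_text):
    """Pair each REPL NodeNotFound error with the NETWORK errors and warnings
    logged earlier on the same connection context."""
    network_issues = {}  # context -> NETWORK E/W messages seen so far
    findings = []
    for ts, sev, comp, ctx, msg in parse(log_text):
        if comp == "NETWORK" and sev in ("E", "W"):
            network_issues.setdefault(ctx, []).append(msg)
        elif comp == "REPL" and sev == "E" and "NodeNotFound" in msg:
            causes = list(network_issues.get(ctx, []))
            names = {m.group(1) for c in causes for m in MISMATCH_RE.finditer(c)}
            findings.append({"time": ts, "context": ctx, "causes": causes,
                             "mismatched_hosts": sorted(names)})
    return findings


if __name__ == "__main__":
    for f in explain_initiate_failures(SAMPLE_LOG):
        print(f["time"], f["context"], "NodeNotFound; earlier NETWORK messages:")
        for cause in f["causes"]:
            print("   ", cause)
        print("    certificate must cover:", ", ".join(f["mismatched_hosts"]) or "n/a")
```

Matching is by connection context only, so the conn5 entry in the sample is not attributed to the conn2 failure.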