  1. Core Server
  2. SERVER-32551

Cluster with x.509 membership authentication serves client connection with cluster client certificate


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.6.0, 3.6.1
    • Fix Version/s: 3.6.3, 3.7.1
    • Component/s: Networking, Security
    • Labels: None
    • Backwards Compatibility: Fully Compatible
    • Operating System: ALL
    • Backport Requested: v3.6
    • Steps To Reproduce:
      • deploy a replica set with x.509 membership authentication and distinct pem files for clusterFile and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options
      • connect with mongo using --ssl option
    • Sprint: Platforms 2018-01-15

    Description

      In a 3.6.0 and 3.6.1 replica set cluster with x.509 membership authentication, with distinct pem files for the clusterFile (with "TLS Web Client Authentication" X509v3 Extended Key Usage) and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options, the client SSL connection requests are served by the client certificate (with the obvious [CONNECT_ERROR] for SSL peer certificate validation failed: unsupported certificate purpose).

      It affects a 3.4 --> 3.6 upgraded cluster and also a fresh 3.6 installation.
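
A way to check which of the PEMKeyFile and clusterFile certificates a client will accept from the listener, as an added example that is not part of the original report or of MongoDB's code. It assumes the `openssl` CLI (1.1.1 or later); the CA, subjects, file names and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. All certificates are constructed throwaway test material.

# 0 if cert $2 (issued under CA $1) passes the check a TLS client applies
# to a server certificate: EKU absent or containing serverAuth.
usable_as_server_cert() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if cert $2 passes the check applied to a TLS client certificate
# (what a cluster member presents to its peers for membership auth).
usable_as_client_cert() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Save the certificate a listener at host $1, port $2 serves to clients as $3.
# Needs a reachable server, so the demo below does not call it.
fetch_presented_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null | openssl x509 -out "$3"
}

# Build a constructed CA plus two leaves in directory $1:
# server.pem (EKU serverAuth, the PEMKeyFile role) and
# cluster.pem (EKU clientAuth, the clusterFile role).
make_constructed_pki() {
    local dir=$1 name eku
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$dir/req.cnf"
    openssl req -x509 -config "$dir/req.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=Constructed CA" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    for name in server cluster; do
        eku=clientAuth; [ "$name" = server ] && eku=serverAuth
        printf 'extendedKeyUsage=%s\n' "$eku" > "$dir/$name.ext"
        openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
            -subj "/O=Example/CN=$name" -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -days 1 -extfile "$dir/$name.ext" -out "$dir/$name.pem" 2>/dev/null || return 1
    done
}

demo() {
    local d f; d=$(mktemp -d) || return 1
    make_constructed_pki "$d" || return 1
    for f in server cluster; do
        usable_as_server_cert "$d/ca.pem" "$d/$f.pem" && echo "$f.pem: accepted as server cert" \
            || echo "$f.pem: rejected as server cert (certificate purpose)"
    done
    rm -rf "$d"
}
demo
```

Against a running node, save the served certificate with `fetch_presented_cert` and pass it to `usable_as_server_cert` together with the cluster CA file; a rejection means the listener is serving the clientAuth-only certificate.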

          People

            spencer.jackson@mongodb.com Spencer Jackson
            s.maratea Simone Maratea