Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32551

Cluster with x.509 membership authentication serves client connection with cluster client certificate

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.6.0, 3.6.1
    • Fix Version/s: 3.6.3, 3.7.1
    • Component/s: Networking, Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v3.6
    • Steps To Reproduce:
      Hide
      • deploy a replica set with x.509 membership authentication and distinct pem files for clusterFile and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options
      • connect with mongo using --ssl option
      Show
      deploy a replica set with x.509 membership authentication and distinct pem files for clusterFile and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options connect with mongo using --ssl option
    • Sprint:
      Platforms 2018-01-15
    • Case:

      Description

      In a 3.6.0 and 3.6.1 replica set cluster with x.509 membership authentication with distinct pem files for clusterFile (with "TLS Web Client Authentication" X509v3 Extended Key Usage) and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options the client ssl connection requests are served by client certificate (with obvious [CONNECT_ERROR] for SSL peer certificate validation failed: unsupported certificate purpose).

      It affects 3.4 --> 3.6 upgrade cluster and also a fresh 3.6 installation.

        Attachments

          Activity

            People

            Assignee:
            spencer.jackson Spencer Jackson
            Reporter:
            s.maratea Simone Maratea
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: