Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36460

TLS certificate "purpose" requirements changed

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Works as Designed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • ALL

      Starting in the last week or two, the C Driver's mongo orchestration config has been unable to started a sharded cluster of replica sets with TLS enabled. Shard servers now seem to reject connections from other shard servers. They log:

      2018-08-01T22:36:37.579+0000 I NETWORK [listener] connection accepted from 127.0.0.1:56037 #12 (3 connections now open)
2018-08-01T22:36:37.584+0000 W NETWORK [conn12] SSL peer certificate validation failed: unsupported certificate purpose
2018-08-01T22:36:37.584+0000 I NETWORK [conn12] end connection 127.0.0.1:56037 (2 connections now open)

        1. mongo_c_driver_asan_ubuntu_test_asan_latest_sharded_auth_openssl_patch_ea29177af4d347616b2213016dac59c59e2b0eb7_5b66da682fbabe1abc9a5d6b_18_08_05_11_07_21-0-mongodb-logs.tar.gz
          78 kB

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: