Description
MongoDB version:

$ mongodb-macos-x86_64-enterprise-4.1.7-40-gbfb0aec/bin/mongod --version
db version v4.1.7-40-gbfb0aec
git version: bfb0aec447f39633694dcc4418f2a5a5a167937e
allocator: system
modules: enterprise
build environment:
    distarch: x86_64
    target_arch: x86_64

Start mongod with the attached certificates (server.pem, ca.pem):

$ mongodb-macos-x86_64-enterprise-4.1.7-40-gbfb0aec/bin/mongod -v --sslOnNormalPorts --sslWeakCertificateValidation --sslCAFile=ca.pem --sslPEMKeyFile=server.pem --dbpath tmp-data

Attempt to connect with the mongo shell (or any driver) with client.pem:

$ mongo --ssl --sslAllowInvalidCertificates --sslPEMKeyFile=client.pem
MongoDB shell version v4.0.1
connecting to: mongodb://127.0.0.1:27017
2019-01-18T16:25:57.426-0800 W NETWORK [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_NOT_TRUSTED
2019-01-18T16:25:57.426-0800 E QUERY [js] Error: network error while attempting to run command 'isMaster' on host '127.0.0.1:27017' :
connect@src/mongo/shell/mongo.js:257:13
@(connect):1:6
exception: connect failed

The server logs the following error:

2019-01-18T16:25:57.387-0800 I NETWORK [listener] connection accepted from 127.0.0.1:55477 #2 (1 connection now open)
2019-01-18T16:25:57.420-0800 D - [conn2] User Assertion: UnsupportedFormat: Invalid IP address in CIDR string src/mongo/util/net/cidr.cpp 117
2019-01-18T16:25:57.423-0800 D - [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/util/icu.cpp 85
2019-01-18T16:25:57.423-0800 D - [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/transport/session_asio.h 633
2019-01-18T16:25:57.423-0800 I NETWORK [conn2] Error receiving request from client: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING. Ending connection from 127.0.0.1:55477 (connection id: 2)
2019-01-18T16:25:57.423-0800 I NETWORK [conn2] end connection 127.0.0.1:55477 (0 connections now open)

These certificates work without a problem on MongoDB 2.6-4.0 so I think there has been a regression somewhere. Also worth noting is that this failure happens on all platforms, not just macOS. This issue is currently blocking drivers from testing against the latest version of the server.