Core Server / SERVER-39107

Certificate validation fails with Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 4.1.7
    • Fix Version/s: 4.1.8
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Sprint:
      Security 2019-02-11

      Description

      MongoDB version:

      mongodb-macos-x86_64-enterprise-4.1.7-40-gbfb0aec/bin/mongod --version
      db version v4.1.7-40-gbfb0aec
      git version: bfb0aec447f39633694dcc4418f2a5a5a167937e
      allocator: system
      modules: enterprise
      build environment:
          distarch: x86_64
          target_arch: x86_64
      

      Start mongod with the attached certificates (server.pem, ca.pem):

      $ mongodb-macos-x86_64-enterprise-4.1.7-40-gbfb0aec/bin/mongod -v --sslOnNormalPorts --sslWeakCertificateValidation --sslCAFile=ca.pem --sslPEMKeyFile=server.pem --dbpath tmp-data
      

      Attempt to connect with the mongo shell (or any driver) with client.pem:

      $ mongo --ssl --sslAllowInvalidCertificates --sslPEMKeyFile=client.pem
      MongoDB shell version v4.0.1
      connecting to: mongodb://127.0.0.1:27017
      2019-01-18T16:25:57.426-0800 W NETWORK  [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_NOT_TRUSTED
      2019-01-18T16:25:57.426-0800 E QUERY    [js] Error: network error while attempting to run command 'isMaster' on host '127.0.0.1:27017'  :
      connect@src/mongo/shell/mongo.js:257:13
      @(connect):1:6
      exception: connect failed
      

      The server logs the following error:

      2019-01-18T16:25:57.387-0800 I NETWORK  [listener] connection accepted from 127.0.0.1:55477 #2 (1 connection now open)
      2019-01-18T16:25:57.420-0800 D -        [conn2] User Assertion: UnsupportedFormat: Invalid IP address in CIDR string src/mongo/util/net/cidr.cpp 117
      2019-01-18T16:25:57.423-0800 D -        [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/util/icu.cpp 85
      2019-01-18T16:25:57.423-0800 D -        [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/transport/session_asio.h 633
      2019-01-18T16:25:57.423-0800 I NETWORK  [conn2] Error receiving request from client: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING. Ending connection from 127.0.0.1:55477 (connection id: 2)
      2019-01-18T16:25:57.423-0800 I NETWORK  [conn2] end connection 127.0.0.1:55477 (0 connections now open)
      

      These certificates work without a problem on MongoDB 2.6-4.0 so I think there has been a regression somewhere. Also worth noting is that this failure happens on all platforms, not just macOS. This issue is currently blocking drivers from testing against the latest version of the server.

        Attachments

        1. ca.pem
          1 kB
        2. client.pem
          3 kB
        3. server.pem
          3 kB
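
Added example, not part of the original report and not MongoDB code: a small Python triage helper that reads mongod plain-text logs in the format quoted above and lists each connection dropped with `Location50687`, together with the user assertions raised on that connection beforehand. The function name `failed_connections` and the regular expressions are assumptions made for this example; the sample lines are the server log lines from the report.

```python
import re
from collections import defaultdict

# Plain-text mongod log line as quoted in the report:
# timestamp, severity, component, [context], message
LINE = re.compile(r"^(\S+)\s+([A-Z])\s+(\S+)\s+\[([^\]]+)\]\s+(.*)$")
ACCEPT = re.compile(r"connection accepted from (\S+) #(\d+)")
ASSERT = re.compile(r"User Assertion: (\w+): (.*) (src/\S+) (\d+)$")
ENDING = re.compile(r"Error receiving request from client: (\w+):")

# Server log lines copied from the report above.
SAMPLE = """\
2019-01-18T16:25:57.387-0800 I NETWORK  [listener] connection accepted from 127.0.0.1:55477 #2 (1 connection now open)
2019-01-18T16:25:57.420-0800 D -        [conn2] User Assertion: UnsupportedFormat: Invalid IP address in CIDR string src/mongo/util/net/cidr.cpp 117
2019-01-18T16:25:57.423-0800 D -        [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/util/icu.cpp 85
2019-01-18T16:25:57.423-0800 D -        [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/transport/session_asio.h 633
2019-01-18T16:25:57.423-0800 I NETWORK  [conn2] Error receiving request from client: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING. Ending connection from 127.0.0.1:55477 (connection id: 2)
2019-01-18T16:25:57.423-0800 I NETWORK  [conn2] end connection 127.0.0.1:55477 (0 connections now open)
"""

def failed_connections(lines, code="Location50687"):
    """Return one record per connection that the server dropped with `code`."""
    remote = {}                 # connection id -> client address
    raised = defaultdict(list)  # connection id -> [(code, source file, line)]
    dropped = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue            # shell output, stack frames, blank lines
        _ts, _sev, _comp, ctx, msg = m.groups()
        if (a := ACCEPT.search(msg)):
            remote[a.group(2)] = a.group(1)
            continue
        if not ctx.startswith("conn"):
            continue
        conn = ctx[4:]
        if (u := ASSERT.search(msg)):
            # Debug-level assertions appear only when mongod runs with -v.
            raised[conn].append((u.group(1), u.group(3), int(u.group(4))))
        elif (e := ENDING.search(msg)) and e.group(1) == code:
            dropped.append({"conn": conn, "remote": remote.get(conn),
                            "assertions": raised.pop(conn, [])})
    return dropped

if __name__ == "__main__":
    for rec in failed_connections(SAMPLE.splitlines()):
        print(rec)
```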
