Improve deterministic calculation of key container names


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.0.7, 4.1.8
    • Affects Version/s: 4.0.5, 4.1.7
    • Component/s: Security
    • Fully Compatible
    • ALL
    • v4.0
    • Security 2019-02-11
    • 3

      When Windows mongo servers use a log file, they use that log file to calculate the private key container name. Unfortunately, if two private keys are loaded in the same key container, then SChannel will use the wrong private key for signing in the server key exchange.

      To fix this, we need to use a unique deterministic calculation for all key containers. The simplest solution is to append an incrementing integer to uniquify the key containers. This ensures the key container names are unique without leaking an unbounded number on each restart.
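A simplified model of the collision and the counter-based fix described above, added here as an illustration; it is not MongoDB's code and does not call the Windows CryptoAPI. The `KeyStore` type, the name format and the sample log path are assumptions made for the example.

```cpp
#include <atomic>
#include <iostream>
#include <map>
#include <string>

// Simplified model of a persistent key store (assumption): one private key per
// container name; importing into an existing container replaces what was there.
struct KeyStore {
    std::map<std::string, std::string> slots;
    void importKey(const std::string& name, const std::string& key) { slots[name] = key; }
};
const std::string kLogPath = "C:\\data\\mongod.log";  // constructed sample path

// Before: the name depends only on the log file path (hypothetical format).
std::string nameFromLogPath(const std::string& logPath) { return "mongod:" + logPath; }

// After: same deterministic base plus a counter that restarts at 0 in every process.
struct ContainerNamer {
    explicit ContainerNamer(const std::string& logPath) : base_(nameFromLogPath(logPath)) {}
    std::string next() { return base_ + "#" + std::to_string(counter_++); }
    std::string base_;
    std::atomic<unsigned> counter_{0};
};

// Load two keys in one process; return the key left in the first key's container.
std::string firstKeyAfterLoad(bool uniqueNames) {
    KeyStore store;
    ContainerNamer namer(kLogPath);
    std::string first = uniqueNames ? namer.next() : nameFromLogPath(kLogPath);
    std::string second = uniqueNames ? namer.next() : nameFromLogPath(kLogPath);
    store.importKey(first, "first-key");
    store.importKey(second, "second-key");
    return store.slots.at(first);
}

// Restart the process several times against the same store and count containers.
std::size_t containersAfterRestarts(int restarts) {
    KeyStore store;
    for (int i = 0; i < restarts; ++i) {
        ContainerNamer namer(kLogPath);  // new process: counter is back at 0
        store.importKey(namer.next(), "first-key");
        store.importKey(namer.next(), "second-key");
    }
    return store.slots.size();
}

int main() {
    std::cout << firstKeyAfterLoad(false) << ' ' << firstKeyAfterLoad(true) << '\n';
}
```

Because the counter restarts with each process, the same names are reused after a restart, so the number of containers stays bounded by the number of keys loaded per process.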

            Assignee:
            Mark Benvenuto
            Reporter:
            Mark Benvenuto
