Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-39217

TLS intermediate CA certificate not working with macOS and 4.0.5

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 4.0.5
    • Fix Version/s: 4.0.8, 4.1.9
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Operating System:
      OS X
    • Backport Requested:
      v4.0
    • Steps To Reproduce:
      Hide

      See attached file repro.tar.gz and read the README.markdown file for full repro details and results

      note the file has some private keys but they were generated just for this repro

      Show
      See attached file repro.tar.gz and read the README.markdown file for full repro details and results note the file has some private keys but they were generated just for this repro
    • Sprint:
      Security 2019-02-11, Security 2019-02-25, Security 2019-03-11

      Description

      Combination of the following conditions causes a failure to connect with TLS from mongo shell:

      • Server's PEMKeyFile includes the server key and cert, and also the intermediate CA cert that signed the server cert
      • mongo shell CAFile is the root CA cert that signed the intermediate cert
      • Running MongoDB 4.0.5 (does not fail on 3.6)
      • Running on macOS (does not fail on Linux)

        Attachments

          Activity

            People

            Assignee:
            sara.golemon Sara Golemon
            Reporter:
            spencer.brown Spencer Brown
            Participants:
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: