Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-45802

Limit frequency of X.509 client certificate expiry warnings

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security, Usability
    • Labels:
      None
    • Sprint:
      Security 2020-02-10

      Description

      During connection establishment, if a client certificate is presented whose expiration is within tlsX509ExpirationWarningThresholdDays, a warning is emitted. This can result in many warnings.

      To limit these warnings, we should record observed certificates along with a timestamp of when they were last warned about. This information should be stored in an LRU cache to bound it.

      We should warn if the presented certificate is expiring soon, and is either not contained in the cache, or the time it was last warned about is sufficiently far in the past.

        Attachments

          Activity

            People

            Assignee:
            sara.golemon Sara Golemon
            Reporter:
            spencer.jackson Spencer Jackson
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: