  1. Core Server
  2. SERVER-45802

Limit frequency of X.509 client certificate expiry warnings


Details

    • Improvement
    • Resolution: Won't Fix
    • Major - P3
    • Security, Usability
    • Security 2020-02-10

    Description

      During connection establishment, if a client certificate is presented whose expiration is within tlsX509ExpirationWarningThresholdDays, a warning is emitted. This can result in many warnings.

      To limit these warnings, we should record observed certificates along with a timestamp of when they were last warned about. This information should be stored in an LRU cache to bound it.

      We should warn if the presented certificate is expiring soon, and is either not contained in the cache, or the time it was last warned about is sufficiently far in the past.


          People

            sara.golemon@mongodb.com Sara Golemon
            spencer.jackson@mongodb.com Spencer Jackson