SERVER-47051 (Core Server)

Investigate OCSP failures on 4.3.4 and on 4.5.0

    • Fully Compatible
    • v4.4
    • Security 2020-03-23, Security 2020-04-06
    • 0

      With the mock OCSP responder running, the 4.3.4 server will segfault using

      mongod --tlsOnNormalPorts --tlsAllowConnectionsWithoutCertificates --tlsCAFile ca.pem --tlsCertificateKeyFile server-mustStaple.pem --setParameter ocspEnabled=1
      

      Segfault:

      {"t":{"$date":"2020-03-23T16:50:44.855+0000"},"s":"I", "c":"CONTROL", "id":23285,"ctx":"main","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
      {"t":{"$date":"2020-03-23T16:50:44.856+0000"},"s":"W", "c":"ASIO",    "id":22601,"ctx":"main","msg":"No TransportLayer configured during NetworkInterface startup"}
      {"t":{"$date":"2020-03-23T16:50:44.856+0000"},"s":"I", "c":"NETWORK", "id":23014,"ctx":"main","msg":"{foStatus_reason}","attr":{"foStatus_reason":"TCP FastOpen support requested, but disabled in kernel. Set /proc/sys/net/ipv4/tcp_fastopen to 3"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"W", "c":"ASIO",    "id":22601,"ctx":"main","msg":"No TransportLayer configured during NetworkInterface startup"}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"NETWORK", "id":23014,"ctx":"main","msg":"{foStatus_reason}","attr":{"foStatus_reason":"TCP FastOpen support requested, but disabled in kernel. Set /proc/sys/net/ipv4/tcp_fastopen to 3"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"STORAGE", "id":4615611,"ctx":"initandlisten","msg":"MongoDB starting","attr":{"pid":3103,"port":27017,"dbpath":"/data/db","architecture":"64-bit","host":"ip-10-122-2-33"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":20719,"ctx":"initandlisten","msg":"{mongodVersion_vii}","attr":{"mongodVersion_vii":"db version v4.3.4"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23399,"ctx":"initandlisten","msg":"git version: {gitVersion}","attr":{"gitVersion":"56655b06ac46825c5937ccca5947dc84ccbca69c"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23400,"ctx":"initandlisten","msg":"{openSSLVersion_OpenSSL_version}","attr":{"openSSLVersion_OpenSSL_version":"OpenSSL version: OpenSSL 1.0.2g  1 Mar 2016"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23401,"ctx":"initandlisten","msg":"allocator: {allocator}","attr":{"allocator":"tcmalloc"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23402,"ctx":"initandlisten","msg":"{ss_str}","attr":{"ss_str":"modules: enterprise "}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23403,"ctx":"initandlisten","msg":"build environment:"}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23404,"ctx":"initandlisten","msg":"    {std_get_0_envDataEntry}: {std_get_1_envDataEntry}","attr":{"std_get_0_envDataEntry":"distmod","std_get_1_envDataEntry":"ubuntu1604"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23404,"ctx":"initandlisten","msg":"    {std_get_0_envDataEntry}: {std_get_1_envDataEntry}","attr":{"std_get_0_envDataEntry":"distarch","std_get_1_envDataEntry":"x86_64"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":23404,"ctx":"initandlisten","msg":"    {std_get_0_envDataEntry}: {std_get_1_envDataEntry}","attr":{"std_get_0_envDataEntry":"target_arch","std_get_1_envDataEntry":"x86_64"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":51765,"ctx":"initandlisten","msg":"operating system: {name}, version: {version}","attr":{"name":"Ubuntu","version":"16.04"}}
      {"t":{"$date":"2020-03-23T16:50:44.858+0000"},"s":"I", "c":"CONTROL", "id":21951,"ctx":"initandlisten","msg":"options: {serverGlobalParams_parsedOpts}","attr":{"serverGlobalParams_parsedOpts":{"net":{"tls":{"CAFile":"ca.pem","allowConnectionsWithoutCertificates":true,"certificateKeyFile":"server-mustStaple.pem","mode":"requireTLS"}},"setParameter":{"ocspEnabled":"1"}}}}
      {"t":{"$date":"2020-03-23T16:50:44.859+0000"},"s":"I", "c":"NETWORK", "id":23014,"ctx":"initandlisten","msg":"{foStatus_reason}","attr":{"foStatus_reason":"TCP FastOpen support requested, but disabled in kernel. Set /proc/sys/net/ipv4/tcp_fastopen to 3"}}
      {"t":{"$date":"2020-03-23T16:50:44.860+0000"},"s":"I", "c":"STORAGE", "id":22270,"ctx":"initandlisten","msg":"Detected data files in {dbpath} created by the '{existingStorageEngine}' storage engine, so setting the active storage engine to '{existingStorageEngine2}'.","attr":{"dbpath":"/data/db","existingStorageEngine":"wiredTiger","existingStorageEngine2":"wiredTiger"}}
      {"t":{"$date":"2020-03-23T16:50:44.860+0000"},"s":"I", "c":"STORAGE", "id":22315,"ctx":"initandlisten","msg":"wiredtiger_open config: {config}","attr":{"config":"create,cache_size=14559M,cache_overflow=(file_max=0M),session_max=33000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000,close_scan_interval=10,close_handle_minimum=250),statistics_log=(wait=0),verbose=[recovery_progress,checkpoint_progress,compact_progress],"}}
      {"t":{"$date":"2020-03-23T16:50:44.869+0000"},"s":"W", "c":"NETWORK", "id":23233,"ctx":"OCSPManagerHTTP-0","msg":"Could not staple OCSP response to outgoing certificate."}
      {"t":{"$date":"2020-03-23T16:50:44.869+0000"},"s":"F", "c":"-",       "id":0,"ctx":"OCSPManagerHTTP-0","msg":"{}","attr":{"message":"Invalid access at address: 0"}}
      {"t":{"$date":"2020-03-23T16:50:44.869+0000"},"s":"F", "c":"-",       "id":0,"ctx":"OCSPManagerHTTP-0","msg":"{}","attr":{"message":"Got signal: 11 (Segmentation fault)."}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31431,"ctx":"OCSPManagerHTTP-0","msg":"BACKTRACE: {bt}","attr":{"bt":{"backtrace":[{"a":"55CEEA06FA61","b":"55CEE74AC000","o":"2BC3A61","s":"_ZN5mongo18stack_trace_detail12_GLOBAL__N_119printStackTraceImplERKNS1_7OptionsEPNS_14StackTraceSinkE.constprop.575","s+":"1E1"},{"a":"55CEEA071139","b":"55CEE74AC000","o":"2BC5139","s":"_ZN5mongo15printStackTraceEv","s+":"29"},{"a":"55CEEA06E7E0","b":"55CEE74AC000","o":"2BC27E0","s":"_ZN5mongo12_GLOBAL__N_124abruptQuitWithAddrSignalEiP9siginfo_tPv","s+":"100"},{"a":"7FB2EEB01390","b":"7FB2EEAF0000","o":"11390","s":"funlockfile","s+":"50"},{"a":"55CEE9BDC36B","b":"55CEE74AC000","o":"273036B","s":"_ZN5mongo14future_details10statusCallIZZNS_12_GLOBAL__N_117SSLManagerOpenSSL18stapleOCSPResponseEP10ssl_ctx_stENKUlvE_clEvEUlNS_10StatusWithINS2_17OCSPFetchResponseEEEE0_JS9_EEEDaOT_DpOT0_.isra.1905","s+":"CB"},{"a":"55CEE9BDC807","b":"55CEE74AC000","o":"2730807","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZNS1_10FutureImplINS_12_GLOBAL__N_117OCSPFetchResponseEE16makeContinuationINS_8DurationISt5ratioILl1ELl1000EEEEZZNOSA_12onCompletionIZZNS8_17SSLManagerOpenSSL18stapleOCSPResponseEP10ssl_ctx_stENKUlvE_clEvEUlNS_10StatusWithIS9_EEE0_EEDaOT_ENKUlvE1_clEvEUlPNS1_15SharedStateImplIS9_EEPNSR_ISF_EEE_EENS7_ISO_EEOT0_EUlS3_E_EEDaSP_EN12SpecificImpl4callEOS3_","s+":"147"},{"a":"55CEE84817EF","b":"55CEE74AC000","o":"FD57EF","s":"_ZN5mongo14future_details15SharedStateBase20transitionToFinishedEv","s+":"19F"},{"a":"55CEE82ED01A","b":"55CEE74AC000","o":"E4101A","s":"_ZN5mongo7PromiseINS_12_GLOBAL__N_117OCSPFetchResponseEE8setErrorENS_6StatusE","s+":"76"},{"a":"55CEE82EF056","b":"55CEE74AC000","o":"E43056","s":"_ZN5mongo14future_details4callIRZNS_12_GLOBAL__N_116dispatchRequestsEP10ssl_ctx_stSt10shared_ptrI13stack_st_X509ERNS2_21OCSPValidationContextEEUlNS_10StatusWithISt10unique_ptrI16ocsp_response_stNS_14OpenSSLDeleterIFvPSC_
EXadL_Z18OCSP_RESPONSE_freeEEEEEEEE_SI_EEDaOT_OT0_.cold.2023","s+":"100"},{"a":"55CEE9BD4B06","b":"55CEE74AC000","o":"2728B06","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZZNOS1_10FutureImplISt10unique_ptrI16ocsp_response_stNS_14OpenSSLDeleterIFvPS9_EXadL_Z18OCSP_RESPONSE_freeEEEEEE8getAsyncIZNS_12_GLOBAL__N_116dispatchRequestsEP10ssl_ctx_stSt10shared_ptrI13stack_st_X509ERNSH_21OCSPValidationContextEEUlNS_10StatusWithISE_EEE_EEvOT_ENKUlvE1_clEvEUlS3_E_EEDaST_EN12SpecificImpl4callEOS3_","s+":"56"},{"a":"55CEE84817EF","b":"55CEE74AC000","o":"FD57EF","s":"_ZN5mongo14future_details15SharedStateBase20transitionToFinishedEv","s+":"19F"},{"a":"55CEE9BD01BC","b":"55CEE74AC000","o":"27241BC","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZNS1_10FutureImplISt6vectorIhSaIhEEE16makeContinuationISt10unique_ptrI16ocsp_response_stNS_14OpenSSLDeleterIFvPSE_EXadL_Z18OCSP_RESPONSE_freeEEEEEZZNOSB_4thenIZNS_12_GLOBAL__N_120retrieveOCSPResponseERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERNSL_17OCSPRequestAndIDsEEUlSA_E_EEDaOT_ENKUlvE1_clEvEUlPNS1_15SharedStateImplISA_EEPNS10_ISJ_EEE_EENS7_ISX_EEOT0_EUlS3_E_EEDaSY_EN12SpecificImpl4callEOS3_","s+":"15C"},{"a":"55CEE9C0B486","b":"55CEE74AC000","o":"275F486","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZNS1_10FutureImplINS_11DataBuilderEE16makeContinuationISt6vectorIhSaIhEEZZNOS9_4thenIZNS_11OCSPManager13requestStatusESD_NS_10StringDataEEUlS8_E0_EEDaOT_ENKUlvE1_clEvEUlPNS1_15SharedStateImplIS8_EEPNSL_ISD_EEE_EENS7_ISI_EEOT0_EUlS3_E_EEDaSJ_EN12SpecificImpl4callEOS3_","s+":"8B6"},{"a":"55CEE9C0A9CF","b":"55CEE74AC000","o":"275E9CF","s":"_ZZN5mongo15unique_functionIFvNS_6StatusEEE8makeImplIZNS_11OCSPManager13requestStatusESt6vectorIhSaIhEENS_10StringDataEEUlT_E_EEDaOSA_EN12SpecificImpl4callEOS1_","s+":"34F"},{"a":"55CEE9C0F450","b":"55CEE74AC000","o":"2763450","s":"_ZN5mongo10ThreadPool10_doOneTaskEPSt11unique_lock
INS_12latch_detail5LatchEE","s+":"140"},{"a":"55CEE9C11BFC","b":"55CEE74AC000","o":"2765BFC","s":"_ZN5mongo10ThreadPool13_consumeTasksEv","s+":"8C"},{"a":"55CEE9C12D2D","b":"55CEE74AC000","o":"2766D2D","s":"_ZN5mongo10ThreadPool17_workerThreadBodyEPS0_RKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE","s+":"ED"},{"a":"55CEE9C12FA3","b":"55CEE74AC000","o":"2766FA3","s":"_ZNSt6thread11_State_implINS_8_InvokerISt5tupleIJZN5mongo4stdx6threadC4IZNS3_10ThreadPool25_startWorkerThread_inlockEvEUlvE2_JELi0EEET_DpOT0_EUlvE_EEEEE6_M_runEv","s+":"53"},{"a":"55CEEA20917F","b":"55CEE74AC000","o":"2D5D17F","s":"execute_native_thread_routine","s+":"F"},{"a":"7FB2EEAF76BA","b":"7FB2EEAF0000","o":"76BA","s":"start_thread","s+":"CA"},{"a":"7FB2EE82D41D","b":"7FB2EE726000","o":"10741D","s":"clone","s+":"6D"}],"processInfo":{"mongodbVersion":"4.3.4","gitVersion":"56655b06ac46825c5937ccca5947dc84ccbca69c","compiledModules":["enterprise"],"uname":{"sysname":"Linux","release":"4.4.0-1030-aws","version":"#39-Ubuntu SMP Wed Aug 9 09:43:05 UTC 2017","machine":"x86_64"},"somap":[{"b":"55CEE74AC000","elfType":3,"buildId":"694B0E8259E722FD96CC4307B1B840ABD0377CA9"},{"b":"7FB2EEAF0000","path":"/lib/x86_64-linux-gnu/libpthread.so.0","elfType":3,"buildId":"B17C21299099640A6D863E423D99265824E7BB16"},{"b":"7FB2EE726000","path":"/lib/x86_64-linux-gnu/libc.so.6","elfType":3,"buildId":"1CA54A6E0D76188105B12E49FE6B8019BF08803A"}]}}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEEA06FA61","b":"55CEE74AC000","o":"2BC3A61","s":"_ZN5mongo18stack_trace_detail12_GLOBAL__N_119printStackTraceImplERKNS1_7OptionsEPNS_14StackTraceSinkE.constprop.575","s+":"1E1"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEEA071139","b":"55CEE74AC000","o":"2BC5139","s":"_ZN5mongo15printStackTraceEv","s+":"29"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEEA06E7E0","b":"55CEE74AC000","o":"2BC27E0","s":"_ZN5mongo12_GLOBAL__N_124abruptQuitWithAddrSignalEiP9siginfo_tPv","s+":"100"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"7FB2EEB01390","b":"7FB2EEAF0000","o":"11390","s":"funlockfile","s+":"50"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9BDC36B","b":"55CEE74AC000","o":"273036B","s":"_ZN5mongo14future_details10statusCallIZZNS_12_GLOBAL__N_117SSLManagerOpenSSL18stapleOCSPResponseEP10ssl_ctx_stENKUlvE_clEvEUlNS_10StatusWithINS2_17OCSPFetchResponseEEEE0_JS9_EEEDaOT_DpOT0_.isra.1905","s+":"CB"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9BDC807","b":"55CEE74AC000","o":"2730807","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZNS1_10FutureImplINS_12_GLOBAL__N_117OCSPFetchResponseEE16makeContinuationINS_8DurationISt5ratioILl1ELl1000EEEEZZNOSA_12onCompletionIZZNS8_17SSLManagerOpenSSL18stapleOCSPResponseEP10ssl_ctx_stENKUlvE_clEvEUlNS_10StatusWithIS9_EEE0_EEDaOT_ENKUlvE1_clEvEUlPNS1_15SharedStateImplIS9_EEPNSR_ISF_EEE_EENS7_ISO_EEOT0_EUlS3_E_EEDaSP_EN12SpecificImpl4callEOS3_","s+":"147"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE84817EF","b":"55CEE74AC000","o":"FD57EF","s":"_ZN5mongo14future_details15SharedStateBase20transitionToFinishedEv","s+":"19F"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE82ED01A","b":"55CEE74AC000","o":"E4101A","s":"_ZN5mongo7PromiseINS_12_GLOBAL__N_117OCSPFetchResponseEE8setErrorENS_6StatusE","s+":"76"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE82EF056","b":"55CEE74AC000","o":"E43056","s":"_ZN5mongo14future_details4callIRZNS_12_GLOBAL__N_116dispatchRequestsEP10ssl_ctx_stSt10shared_ptrI13stack_st_X509ERNS2_21OCSPValidationContextEEUlNS_10StatusWithISt10unique_ptrI16ocsp_response_stNS_14OpenSSLDeleterIFvPSC_EXadL_Z18OCSP_RESPONSE_freeEEEEEEEE_SI_EEDaOT_OT0_.cold.2023","s+":"100"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9BD4B06","b":"55CEE74AC000","o":"2728B06","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZZNOS1_10FutureImplISt10unique_ptrI16ocsp_response_stNS_14OpenSSLDeleterIFvPS9_EXadL_Z18OCSP_RESPONSE_freeEEEEEE8getAsyncIZNS_12_GLOBAL__N_116dispatchRequestsEP10ssl_ctx_stSt10shared_ptrI13stack_st_X509ERNSH_21OCSPValidationContextEEUlNS_10StatusWithISE_EEE_EEvOT_ENKUlvE1_clEvEUlS3_E_EEDaST_EN12SpecificImpl4callEOS3_","s+":"56"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE84817EF","b":"55CEE74AC000","o":"FD57EF","s":"_ZN5mongo14future_details15SharedStateBase20transitionToFinishedEv","s+":"19F"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9BD01BC","b":"55CEE74AC000","o":"27241BC","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZNS1_10FutureImplISt6vectorIhSaIhEEE16makeContinuationISt10unique_ptrI16ocsp_response_stNS_14OpenSSLDeleterIFvPSE_EXadL_Z18OCSP_RESPONSE_freeEEEEEZZNOSB_4thenIZNS_12_GLOBAL__N_120retrieveOCSPResponseERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERNSL_17OCSPRequestAndIDsEEUlSA_E_EEDaOT_ENKUlvE1_clEvEUlPNS1_15SharedStateImplISA_EEPNS10_ISJ_EEE_EENS7_ISX_EEOT0_EUlS3_E_EEDaSY_EN12SpecificImpl4callEOS3_","s+":"15C"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9C0B486","b":"55CEE74AC000","o":"275F486","s":"_ZZN5mongo15unique_functionIFvPNS_14future_details15SharedStateBaseEEE8makeImplIZNS1_10FutureImplINS_11DataBuilderEE16makeContinuationISt6vectorIhSaIhEEZZNOS9_4thenIZNS_11OCSPManager13requestStatusESD_NS_10StringDataEEUlS8_E0_EEDaOT_ENKUlvE1_clEvEUlPNS1_15SharedStateImplIS8_EEPNSL_ISD_EEE_EENS7_ISI_EEOT0_EUlS3_E_EEDaSJ_EN12SpecificImpl4callEOS3_","s+":"8B6"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9C0A9CF","b":"55CEE74AC000","o":"275E9CF","s":"_ZZN5mongo15unique_functionIFvNS_6StatusEEE8makeImplIZNS_11OCSPManager13requestStatusESt6vectorIhSaIhEENS_10StringDataEEUlT_E_EEDaOSA_EN12SpecificImpl4callEOS1_","s+":"34F"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9C0F450","b":"55CEE74AC000","o":"2763450","s":"_ZN5mongo10ThreadPool10_doOneTaskEPSt11unique_lockINS_12latch_detail5LatchEE","s+":"140"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9C11BFC","b":"55CEE74AC000","o":"2765BFC","s":"_ZN5mongo10ThreadPool13_consumeTasksEv","s+":"8C"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9C12D2D","b":"55CEE74AC000","o":"2766D2D","s":"_ZN5mongo10ThreadPool17_workerThreadBodyEPS0_RKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE","s+":"ED"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEE9C12FA3","b":"55CEE74AC000","o":"2766FA3","s":"_ZNSt6thread11_State_implINS_8_InvokerISt5tupleIJZN5mongo4stdx6threadC4IZNS3_10ThreadPool25_startWorkerThread_inlockEvEUlvE2_JELi0EEET_DpOT0_EUlvE_EEEEE6_M_runEv","s+":"53"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"55CEEA20917F","b":"55CEE74AC000","o":"2D5D17F","s":"execute_native_thread_routine","s+":"F"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"7FB2EEAF76BA","b":"7FB2EEAF0000","o":"76BA","s":"start_thread","s+":"CA"}}}
      {"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"a":"7FB2EE82D41D","b":"7FB2EE726000","o":"10741D","s":"clone","s+":"6D"}}}
      
      

      On mongodb-linux-x86_64-enterprise-ubuntu1804-4.5.0-299-g01c1045, with the mock ocsp responder running:

      /home/vincent/.mongodb/versions/mongodb-current/bin/mongod --tlsMode requireTLS --tlsCertificateKeyFile /home/vincent/projects/drivers-evergreen-tools/.evergreen/ocsp/rsa/server-mustStaple.pem --tlsAllowConnectionsWithoutCertificates --tlsCAFile /home/vincent/projects/drivers-evergreen-tools/.evergreen/ocsp/rsa/ca.pem --port 27017 --sslDisabledProtocols TLS1_0,TLS1_1 --setParameter=enableTestCommands=1 --setParameter=ocspEnabled=true --storageEngine=inMemory --dbpath=.mongodb/versions/mongodb-current/in-memory-data -vvv
      

      yields:

      {"t":{"$date":"2020-03-23T12:53:01.199-04:00"},"s":"W", "c":"NETWORK", "id":23233,"ctx":"OCSPManagerHTTP-1","msg":"Could not staple OCSP response to outgoing certificate."}
      {"t":{"$date":"2020-03-23T12:53:01.199-04:00"},"s":"D2","c":"-",       "id":23323,"ctx":"OCSPManagerHTTP-1","msg":"Starting periodic job {job_name}","attr":{"job_name":"OCSP Fetch and Staple"}}
      
      Listening on http://127.0.0.1:8100/
      Hit Ctrl-C to quit.
      127.0.0.1 - - [23/Mar/2020 12:53:01] "POST /status/ HTTP/1.1" 200 600
      127.0.0.1 - - [23/Mar/2020 12:53:01] "POST /status/ HTTP/1.1" 200 600

      mongo mongodb://localhost/?tls=true  --tlsCAFile=/home/vincent/projects/drivers-evergreen-tools/.evergreen/ocsp/rsa/ca.crt --tls
      {"t":{"$date":"2020-03-23T17:04:09.644Z"},"s":"I", "c":"NETWORK", "id":4648601,"ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
      MongoDB shell version v4.5.0-299-g01c1045
      connecting to: mongodb://localhost:27017/?compressors=disabled&gssapiServiceName=mongodb&tls=true
      Error: couldn't connect to server localhost:27017, connection attempt failed: InvalidSSLConfiguration: Peer certificate requires a stapled OCSP response, but none were provided. :
      connect@src/mongo/shell/mongo.js:362:17
      @(connect):2:6
      exception: connect failed
      exiting with code 1
      

      cc: divjot.arora

            Assignee:
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Reporter:
            vincent.kam@mongodb.com Vincent Kam (Inactive)
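For triaging logs like the two in this ticket, the following added example (not part of the ticket or of MongoDB's code) scans mongod structured JSON logs for the stapling-failure entry and reports whether the same thread context then logged a fatal signal. The sample lines are constructed by abridging the ticket's logs, with symbol names shortened; `parse_entries` and `triage` are hypothetical names.

```python
import json

STAPLE_FAILED_ID = 23233  # "Could not staple OCSP response..." id, as seen in the ticket
FRAME_ID = 31427          # per-frame backtrace entries, as seen in the ticket

# Constructed samples, abridged from the ticket's two logs (symbol names shortened).
LOG_434 = r'''
{"t":{"$date":"2020-03-23T16:50:44.869+0000"},"s":"W", "c":"NETWORK", "id":23233,"ctx":"OCSPManagerHTTP-0","msg":"Could not staple OCSP response to outgoing certificate."}
{"t":{"$date":"2020-03-23T16:50:44.869+0000"},"s":"F", "c":"-",       "id":0,"ctx":"OCSPManagerHTTP-0","msg":"{}","attr":{"message":"Got signal: 11 (Segmentation fault)."}}
{"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"s":"_ZN5mongo15printStackTraceEv","s+":"29"}}}
{"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"s":"SSLManagerOpenSSL18stapleOCSPResponse (shortened)","s+":"CB"}}}
{"t":{"$date":"2020-03-23T16:50:44.934+0000"},"s":"I", "c":"CONTROL", "id":31427,"ctx":"OCSPManagerHTTP-0","msg":"  Frame: {frame}","attr":{"frame":{"s":"clone","s+":"6D
'''
LOG_450 = r'''
{"t":{"$date":"2020-03-23T12:53:01.199-04:00"},"s":"W", "c":"NETWORK", "id":23233,"ctx":"OCSPManagerHTTP-1","msg":"Could not staple OCSP response to outgoing certificate."}
{"t":{"$date":"2020-03-23T12:53:01.199-04:00"},"s":"D2","c":"-",       "id":23323,"ctx":"OCSPManagerHTTP-1","msg":"Starting periodic job {job_name}","attr":{"job_name":"OCSP Fetch and Staple"}}
'''

def parse_entries(text):
    """Yield JSON log entries; skip blank, wrapped or truncated lines (common in pasted logs)."""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw.startswith("{"):
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # e.g. the cut-off last line of LOG_434
        if isinstance(entry, dict):
            yield entry

def triage(text):
    """Per thread context: stapling failures, and any fatal entries or OCSP frames logged after them."""
    state = {}
    for e in parse_entries(text):
        st = state.setdefault(e.get("ctx"), {"staple_failures": 0, "fatal": [], "frames": []})
        if e.get("id") == STAPLE_FAILED_ID:
            st["staple_failures"] += 1
        elif st["staple_failures"] == 0:
            continue  # only entries that follow a stapling failure are of interest
        elif e.get("s") == "F":
            st["fatal"].append(e.get("attr", {}).get("message") or e.get("msg"))
        elif e.get("id") == FRAME_ID:
            st["frames"].append(e.get("attr", {}).get("frame", {}).get("s", "?"))
    return [
        {
            "ctx": ctx,
            "staple_failures": st["staple_failures"],
            "crashed": bool(st["fatal"]),
            "fatal": st["fatal"],
            "ocsp_frames": [s for s in st["frames"] if "OCSP" in s],
        }
        for ctx, st in state.items()
        if st["staple_failures"]
    ]

if __name__ == "__main__":
    for name, log in (("4.3.4", LOG_434), ("4.5.0", LOG_450)):
        print(name, json.dumps(triage(log), indent=2))
```

A result with `crashed` false still matters for must-staple certificates: the server keeps running without a stapled response, and clients reject the connection as in the shell output above.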