Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57716

Partial certificate chain in PEM causes validation failure in OCSP

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 5.0.3, 4.4.9, 5.1.0-rc0
    • 5.1 Required
    • Security
    • None
    • Minor Change
    • ALL
    • v5.0, v4.4
    • Security 2021-07-12, Security 2021-07-26, Security 2021-08-09

    Description

      tls section may contain CAFile and certificateKeyFile parameters. When CAFile and certificateKeyFile both contain partial certificate chains, the X509_verify_cert call in OCSPFetcher::fetchAndStaple fails with error 20: "unable to get local issuer certificate"

      Attachments

        Activity

          People

            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: