Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57716

Partial certificate chain in PEM causes validation failure in OCSP

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 5.1 Required
    • 5.0.3, 4.4.9, 5.1.0-rc0
    • Security
    • None
    • Minor Change
    • ALL
    • v5.0, v4.4
    • Security 2021-07-12, Security 2021-07-26, Security 2021-08-09

    Description

      tls section may contain CAFile and certificateKeyFile parameters. When CAFile and certificateKeyFile both contain partial certificate chains, the X509_verify_cert call in OCSPFetcher::fetchAndStaple fails with error 20: "unable to get local issuer certificate"

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-35418 Allow specifying CAs for incoming and outgoing connections separately

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
              sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: