Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57716

Partial certificate chain in PEM causes validation failure in OCSP

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.0.3, 4.4.9, 5.1.0-rc0
    • Affects Version/s: 5.1 Required
    • Component/s: Security
    • None
    • Minor Change
    • ALL
    • v5.0, v4.4
    • Security 2021-07-12, Security 2021-07-26, Security 2021-08-09

      tls section may contain CAFile and certificateKeyFile parameters. When CAFile and certificateKeyFile both contain partial certificate chains, the X509_verify_cert call in OCSPFetcher::fetchAndStaple fails with error 20: "unable to get local issuer certificate"

            Assignee:
            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
            Reporter:
            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: