Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Once we use DNS -> A record resolution for round robin DNS, we need customize the TLS certificate validation to validate certificates against something other then a certificate.

Steps:

Create a synchronous TCP connection by using Socket in src/mongo/util/net/sock.h
Call Socket::connect()
Call ldap_init_fd with the DNS name of the server we are connecting to instead of the IP address we connected with.
Call ldap_install_tls if TLS

See https://pagure.io/SSSD/sssd/issue/905 for details.

is depended on by

SERVER-59049 Add support for round robin DNS A records

Backlog

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Mark Benvenuto
Participants:: [DO NOT USE] Backlog - Security Team, Mark Benvenuto
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Aug 02 2021 11:44:56 PM UTC
Updated:: Dec 06 2022 01:03:44 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates