Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8209

reverse logic of --sslForceCertificateValidation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.4.0-rc0
    • Fix Version/s: 2.4.0-rc0
    • Component/s: Networking, Security
    • Labels:
      None
    • Environment:
      osx 10.8,
    • Operating System:
      ALL
    • Steps To Reproduce:
      Hide

      Have not figured out how to reproduce it using the mongo shell as it presents the credentials correctly. I've added a link to the node.js test that should break but does not. Ping me if you need help setting it up.

      https://github.com/mongodb/node-mongodb-native/blob/sslValidation/test/auxilliary/ssl/ssl_present_certificate_test.js#L41

      Show
      Have not figured out how to reproduce it using the mongo shell as it presents the credentials correctly. I've added a link to the node.js test that should break but does not. Ping me if you need help setting it up. https://github.com/mongodb/node-mongodb-native/blob/sslValidation/test/auxilliary/ssl/ssl_present_certificate_test.js#L41

      Description

      Right now if you don't provide the --sslForceCertificateValidation flag the drivers can connect to the server without presenting a valid client certificate. This is a bad default as it can cause misconfiguration of the server making clients believe that they are validating certificates when in fact they are not unless they provide the --sslForceCertificateValidation flag.

      I propose you get rid of the --sslForceCertificateValidation set validation as default if you provide a certificate store and add a new flag called

      --sslIgnoreCertificateValidation

      This makes the action of lowering the security level a user explicit decision and the default is the strongest possible validation.

      ----------------------------------------
      The stuff under here is from when I discovered the behavior

      Running the mongod instance with the following parameters

      mongod --noprealloc --smallfiles --dbpath /Users/ck/coding/projects/node-mongodb-native/data/data-27017 --port 27017 --journal --sslOnNormalPorts --sslPEMKeyFile=/Users/ck/coding/projects/node-mongodb-native/test/certificates/server.pem --sslCAFile=/Users/ck/coding/projects/node-mongodb-native/test/certificates/ca.pem --sslCRLFile=/Users/ck/coding/projects/node-mongodb-native/test/certificates/crl.pem

      When providing key and cert in node.js (as needed in node.js) the server responds with.

      Thu Jan 17 15:48:29.545 [initandlisten] connection accepted from 127.0.0.1:59572 #2 (1 connection now open)
      Thu Jan 17 15:48:29.555 [conn2] end connection 127.0.0.1:59572 (0 connections now open)

      in log which is as expected but if I only provide the cert

      Thu Jan 17 15:49:23.039 [initandlisten] connection accepted from 127.0.0.1:59573 #3 (1 connection now open)
      Thu Jan 17 15:49:23.041 [conn3] no SSL certificate provided by peer
      Thu Jan 17 15:49:23.048 [conn3] end connection 127.0.0.1:59573 (0 connections now open)

      But socket stays open and operations are executed correctly against the db

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              milkie Eric Milkie
              Reporter:
              christkv Christian Amor Kvalheim
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: