Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-84139

Do not strip spaces (if present) in DN attributes for tlsX509ClusterAuthDNOverride

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Works as Designed
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • ALL
    • Hide

      {setParameter 1} {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU=367617758012} 

      GerParameter result:

      {O=Barclays PLC,OU=367617758012}  

      Show
      {setParameter 1 } {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU= 367617758012 } GerParameter result: {O=Barclays PLC,OU= 367617758012 }

    Description

      It seems as if the server removes the spaces between attributes in DNs for the tlsX509ClusterAuthDNOverride setparam:  https://github.com/mongodb/mongo/blob/master/src/mongo/util/net/ssl_manager.cpp#L462

      For example:

      {setParameter 1} {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU=367617758012}
       
      // GerParameter result:
      {O=Barclays PLC,OU=367617758012} 

      The agent compares the getParam against the setParam to ensure we are in goal state, we have a help ticket (HELP-53222) where the agent was stuck because the strings were different (like the example above) even though the setParam succeeded. We don't do special handling of setParams in the agent, I asked the customer to retry without the spaces and that succeeded.

      Filing a ticket as per the slack discussion: https://mongodb.slack.com/archives/CB3CW8M8C/p1702397252837439

      I understand this might be difficult since what we are essentially asking for here is to preserve the spacing between the attributes (or the actual setParam that was passed in).

      Attachments

        Activity

          People

            Unassigned Unassigned
            ahmed.sulaiman@mongodb.com Ahmed Sulaiman
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: