Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-84437

Server responds with TLS encrypted message when communicating over custom Unix domain socket

    • Type: Icon: Bug Bug
    • Resolution: Gone away
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Service Arch
    • ALL
    • Service Arch 2024-03-18, Service Arch 2024-04-01

      If a server is started with TLS enabled (I tried with preferTLS) and is bound to a custom Unix domain socket, it will respond to requests over the custom socket with what appears to be encrypted messages, which will then fail to deserialize on the client side who is not expecting it. It notably does not exhibit this behavior when using the default Unix domain socket.

      To repro, start a mongod with TLS and bound to a custom socket. Using mongo shell, first try to connect to default socket and succeed, and then try to connect to the custom one and fail with an error.


      $ build/install/bin/mongod --dbpath db --tlsMode preferTLS --tlsCAFile jstests/libs/ca.pem --tlsCertificateKeyFile jstests/libs/server.pem --bind_ip="/tmp/testsocket.sock,"  
      $ build/install/bin/mongo "mongodb://%2ftmp%2fmongodb-27017.sock"                                                                                 
      MongoDB Enterprise >                                                                                                                                                                                      
      $ build/install/bin/mongo "mongodb://%2ftmp%2ftestsocket.sock"                                  
      connecting to: mongodb://%2Ftmp%2Ftestsocket.sock/?compressors=disabled&gRPC=false&gssapiServiceName=mongodb                                                                                  
      Error: Connection handshake failed. Is your mongod/mongos 3.4 or older? :: caused by :: network error while attempting to run command 'hello' on host '/tmp/testsocket.sock'  :: caused by ::\
       dbclient error communicating with server /tmp/testsocket.sock :: caused by :: recv(): message msgLen 69074944 is invalid. Min 16 Max: 48000000 :                                             
      exception: connect failed                                                                                                                                                                     
      exiting with code 1   

            patrick.freed@mongodb.com Patrick Freed
            patrick.freed@mongodb.com Patrick Freed
            0 Vote for this issue
            3 Start watching this issue