Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8739

Start mongod with SSL, CAFile and CRLFile - expired CRL file - shouldn't start.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Operating System:
      ALL

      Description

      ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ ./bin/mongod --dbpath ./data/ --sslOnNormalPorts --sslPEMKeyFile ../sslCA/gregorFreeBSD.pem --sslCAFile ../sslCA/cacert.pem --sslCRLFile ../sslCA/crl/crl_expire.pem --smallfiles
      Tue Feb 26 17:22:54.061 [initandlisten] MongoDB starting : pid=20129 port=27017 dbpath=./data/ 64-bit host=ip-10-36-133-56
      Tue Feb 26 17:22:54.061 [initandlisten] db version v2.4.0-rc1, pdfile version 4.5
      Tue Feb 26 17:22:54.061 [initandlisten] git version: 1ea058cf251bda7624f2afac0b38eebd969c5105 modules: subscription
      Tue Feb 26 17:22:54.061 [initandlisten] build info: Linux ip-10-80-175-252 3.2.0-38-virtual #60-Ubuntu SMP Wed Feb 13 13:42:54 UTC 2013 x86_64 BOOST_LIB_VERSION=1_49
      Tue Feb 26 17:22:54.061 [initandlisten] allocator: tcmalloc
      Tue Feb 26 17:22:54.061 [initandlisten] options: { dbpath: "./data/", smallfiles: true, sslCAFile: "../sslCA/cacert.pem", sslCRLFile: "../sslCA/crl/crl_expire.pem", sslOnNormalPorts: true, sslPEMKeyFile: "../sslCA/gregorFreeBSD.pem" }
      Tue Feb 26 17:22:54.070 [initandlisten] journal dir=./data/journal
      Tue Feb 26 17:22:54.070 [initandlisten] recover : no journal files present, no recovery needed
      Tue Feb 26 17:22:54.270 [initandlisten] ssl imported 1 revoked certificate from the revocation list.
      Tue Feb 26 17:22:54.272 [initandlisten] waiting for connections on port 27017 ssl
      Tue Feb 26 17:22:54.272 [websvr] ssl imported 1 revoked certificate from the revocation list.
      Tue Feb 26 17:22:54.272 [websvr] admin web console waiting for connections on port 28017 ssl

      ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ openssl crl -in ../sslCA/crl/crl_expire.pem -noout -text
      Certificate Revocation List (CRL):
              Version 2 (0x1)
          Signature Algorithm: sha1WithRSAEncryption
              Issuer: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=gregor/emailAddress=gregor@10gen.com
              Last Update: Feb 25 16:41:41 2013 GMT
              Next Update: Feb 26 16:41:41 2013 GMT
              CRL extensions:
                  X509v3 CRL Number: 
                      2
      Revoked Certificates:
          Serial Number: 1001
              Revocation Date: Feb 25 15:06:25 2013 GMT
          Signature Algorithm: sha1WithRSAEncryption
               7d:30:33:38:b1:9c:81:31:be:cb:02:2d:9f:63:a0:dd:f2:c6:
               de:e2:99:35:6e:01:72:93:78:94:1b:a8:5e:ca:d9:04:16:3c:
               f0:8d:4f:41:cb:15:8a:2d:1f:c5:69:2e:2c:32:ce:86:3a:25:
               6e:1c:53:d5:95:3e:6e:03:e0:77:92:a7:6f:08:4c:1a:37:40:
               12:81:23:22:d9:e6:aa:ac:c4:89:23:f1:7a:03:a6:6e:b5:cd:
               6e:13:0b:d3:81:d4:cd:f9:7f:dd:fa:76:eb:78:21:30:1f:31:
               33:59:0f:0e:2a:dc:ed:98:13:da:28:50:e2:a7:10:9c:75:be:
               cc:e3
      ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ 

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              gregor Gregor Macadam
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: