  1. Core Server
  2. SERVER-99449

Use the net.tls.clusterCAFile / net.tls.clusterFile certificates for egress communication in gRPC if they are available

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 8.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Networking & Observability
    • Fully Compatible
    • Egress gRPC 2025-01-31, Egress gRPC 2025-02-14
    • 1

      The gRPC client unconditionally uses the caFile and certificateKeyFile for egress communication (https://github.com/10gen/mongo/blob/74903a8e3c2fc35a632ae6c3e246c3017980e2da/src/mongo/transport/grpc/grpc_transport_layer_impl.cpp#L196-L201), although the spec for outbound TLS communication states that the net.tls.clusterCAFile / net.tls.clusterFile certificates should be used for egress communication if they are available. We should fix this.

            Assignee:
            erin.mcnulty@mongodb.com Erin McNulty
            Reporter:
            erin.mcnulty@mongodb.com Erin McNulty
            Votes:
            0
            Watchers:
            1

              Created:
              Updated:
              Resolved: