Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3122

Fix SSL cert test(s) on RHEL 6.2

    XMLWordPrintable

Details

    • Build Failure
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 100.5.4
    • None
    • None

    Description

      This might the same as the issue in TOOLS-3100.

      Most RHEL 6.2 failures were fixed with the introduction of devtoolset-7, per TOOLS-3119. However, the native-cert-ssl-4.4 is still failing. I suspect other native-cert-ssl-* tests will have the same failure.

      The relevant lines from the log include:

      [2022/05/25 16:05:20.559] [buildlogger:js_test:ssl_with_system_ca] sh5159| 2022-05-25T16:05:20.558+0000	Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: localhost:20010, Type: Unknown, Last error: connection() error occurred during connection handshake: x509: certificate is not valid for any names, but wanted to match localhost }, ] }
      ...
      [2022/05/25 16:05:21.574] [buildlogger:js_test:ssl_with_system_ca] {"t":{"$date":"2022-05-25T16:05:21.573Z"},"s":"W",  "c":"NETWORK",  "id":23235,   "ctx":"js","msg":"SSL peer certificate validation failed","attr":{"reason":"self signed certificate"}}
      ...
      [2022/05/25 16:05:51.588] [buildlogger:js_test:ssl_with_system_ca] sh5267| 2022-05-25T16:05:51.587+0000	Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: localhost:20011, Type: Unknown, Last error: connection() error occurred during connection handshake: x509: certificate is not valid for any names, but wanted to match localhost }, ] }
      

      It's not clear why we're getting this error. The cert we're using is in the repo at ./test/qa-tests/jstests/libs/trusted-server.pem. When dumping the cert with openssl x509 -text -in ./test/qa-tests/jstests/libs/trusted-server.pem, we can see that it does have localhost set in its SAN (Subject Alternative Name):

             X509v3 extensions:
                  X509v3 Basic Constraints: 
                      CA:TRUE
                  X509v3 Subject Alternative Name: 
                      DNS:localhost, DNS:127.0.0.1
      

      Attachments

        Activity

          People

            tim.fogarty@mongodb.com Tim Fogarty
            dave.rolsky@mongodb.com Dave Rolsky
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: