-
Type:
Build Failure
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
This might the same as the issue in TOOLS-3100.
Most RHEL 6.2 failures were fixed with the introduction of devtoolset-7, per TOOLS-3119. However, the native-cert-ssl-4.4 is still failing. I suspect other native-cert-ssl-* tests will have the same failure.
The relevant lines from the log include:
[2022/05/25 16:05:20.559] [buildlogger:js_test:ssl_with_system_ca] sh5159| 2022-05-25T16:05:20.558+0000 Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: localhost:20010, Type: Unknown, Last error: connection() error occurred during connection handshake: x509: certificate is not valid for any names, but wanted to match localhost }, ] }
...
[2022/05/25 16:05:21.574] [buildlogger:js_test:ssl_with_system_ca] {"t":{"$date":"2022-05-25T16:05:21.573Z"},"s":"W", "c":"NETWORK", "id":23235, "ctx":"js","msg":"SSL peer certificate validation failed","attr":{"reason":"self signed certificate"}}
...
[2022/05/25 16:05:51.588] [buildlogger:js_test:ssl_with_system_ca] sh5267| 2022-05-25T16:05:51.587+0000 Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: localhost:20011, Type: Unknown, Last error: connection() error occurred during connection handshake: x509: certificate is not valid for any names, but wanted to match localhost }, ] }
It's not clear why we're getting this error. The cert we're using is in the repo at ./test/qa-tests/jstests/libs/trusted-server.pem. When dumping the cert with openssl x509 -text -in ./test/qa-tests/jstests/libs/trusted-server.pem, we can see that it does have localhost set in its SAN (Subject Alternative Name):
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
DNS:localhost, DNS:127.0.0.1