[CDRIVER-1154] Missing Certificate Verification on reconnect
Created: 11/Mar/16 | Updated: 10/Aug/16 | Resolved: 15/Mar/16
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | 1.2.0, 1.3.0 |
| Fix Version/s: | 1.4.0, 1.3.4, 1.2.4 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Hannes Magnusson | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Epic Link: | TLS Improvements |
| Description |
|
When an operation times out, or an operation otherwise fails for whatever reason, we don't recheck the certificate when reconnecting to the node. |
| Comments |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: A. Jesse Jiryu Davis (ajdavis, jesse@mongodb.com) Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: Hannes Magnusson (bjori, bjori@php.net) Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: Hannes Magnusson (bjori, bjori@php.net) Message: |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: A. Jesse Jiryu Davis (ajdavis, jesse@mongodb.com) Message: Single-threaded clients had not re-checked the server certificate after Conflicts: |
| Comment by A. Jesse Jiryu Davis [ 15/Mar/16 ] |
|
Security vulnerability: when a mongoc_client_t uses SSL and is disconnected, it failed to re-verify the server certificate after reconnecting. This flaw affects single clients, not pooled ones. |
| Comment by Githook User [ 15/Mar/16 ] |
|
Author: A. Jesse Jiryu Davis (ajdavis, jesse@mongodb.com) Message: Single-threaded clients had not re-checked the server certificate after |