[CDRIVER-1154] Missing Certificate Verification on reconnect
Created: 11/Mar/16
Updated: 10/Aug/16
Resolved: 15/Mar/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.2.0, 1.3.0
Fix Version/s: 1.4.0, 1.3.4, 1.2.4

Type: Bug
Priority: Major - P3
Reporter: Hannes Magnusson
Assignee: A. Jesse Jiryu Davis
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
related to CDRIVER-1157 Verify certificates during handshake Closed
Epic Link: TLS Improvements

 Description   

When an operation times out, or an operation otherwise fails for whatever reason, we don't recheck the certificate when reconnecting to the node.



 Comments   
Comment by Githook User [ 15/Mar/16 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-1154: Add test
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/62247e71564b4f06c4bc0fc4932a98dfe8317a49

Comment by Githook User [ 15/Mar/16 ]

Author: Hannes Magnusson (bjori) <bjori@php.net>

Message: CDRIVER-1154: Missing certificate & hostname verification on reconnect
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/b7ae105d37c36d575bf1cd7d88de041c6f6e9ce0

Comment by Githook User [ 15/Mar/16 ]

Author: Hannes Magnusson (bjori) <bjori@php.net>

Message: CDRIVER-1154: Let OpenSSL verify the peer during handshake
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/a3a6f5418af66045095c84569b17598d4b093911

Comment by Githook User [ 15/Mar/16 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-1154 verify cert on reconnect

Single-threaded clients had not re-checked the server certificate after
a disconnect.

Conflicts:
src/mongoc/mongoc-cluster.c
tests/test-mongoc-client.c
Branch: r1.2
https://github.com/mongodb/mongo-c-driver/commit/82ed2a0a74a2a007740735fa889c4c900348dfde

Comment by A. Jesse Jiryu Davis [ 15/Mar/16 ]

Security vulnerability: when a mongoc_client_t uses SSL and is disconnected, it failed to re-verify the server certificate after reconnecting. This flaw affects single clients, not pooled ones.

Comment by Githook User [ 15/Mar/16 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-1154 verify cert on reconnect

Single-threaded clients had not re-checked the server certificate after
a disconnect.
Branch: r1.3
https://github.com/mongodb/mongo-c-driver/commit/43fa58228af2b262ffe0534a9ec2efbf566f6ed4
