[CDRIVER-2212] X509 auth can fail on macOS 10.12 with Secure Transport Created: 15/Jul/17  Updated: 28/Oct/23  Resolved: 18/Jul/17

Status: Closed
Project: C Driver
Component/s: auth, tls
Affects Version/s: None
Fix Version/s: 1.8.0

Type: Bug Priority: Major - P3
Reporter: A. Jesse Jiryu Davis Assignee: A. Jesse Jiryu Davis
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

On my macOS 10.12 machine, test_extract_subject fails consistently. It should parse the test certificate and extract its subject, producing this string:

"C=US,ST=California,L=Palo Alto,O=MongoDB,OU=Drivers,CN=server"

Instead, it produces:

"C=(null),ST=(null),L=(null) Alto,O=(null),OU=(null),CN=(null)"

The failure occurs when the the driver tries to get a C string pointer from the Core Foundation string reference:

CFStringGetCStringPtr (str, CFStringGetFastestEncoding (str));

For some reason that returns NULL on my machine. I've found a similar unresolved bug report on StackOverflow.

Making an ASCII-decoded copy of the string is slower and more complicated but works reliably, I think the performance hit is insignificant:

CFStringEncoding encoding = kCFStringEncodingASCII;
CFIndex maxSize = CFStringGetMaximumSizeForEncoding (length, encoding) + 1;
char *cs = bson_malloc ((size_t) maxSize);
CFStringGetCString (str, cs, maxSize, encoding);



 Comments   
Comment by Githook User [ 18/Jul/17 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}

Message: CDRIVER-2212 fix X509 auth on macOS 10.12
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/9a55c7e73034efd574836892bcd80c04e31ba541

Generated at Wed Feb 07 21:14:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.