[DOCS-12126] Docs for SERVER-36895: Test for SAN type "IP Address" in OpenSSL/SecureTransport TLS providers Created: 10/Oct/18  Updated: 13/Nov/23  Resolved: 22/Jul/19

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 4.1.4, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: docs-4.2-security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-36895 Test for SAN type "IP Address" in Ope... Closed
Participants:
Days since reply: 4 years, 29 weeks, 2 days ago
Epic Link: DOCS: 4.2 Server/Tools

 Description   

Description

Description:

Update certificate parsing to allow IP Address tags in the Subject Alternate Names extension.

Engineering Ticket Description:

We currently only consider "DNS Name" SANs (Subject Alternate Name) on clients when comparing the intended hostname with the one actually presented.

OpenSSL: https://github.com/mongodb/mongo/blob/2145028db135b539c51713acad6952ef36e646cf/src/mongo/util/net/ssl_manager_openssl.cpp#L1364
SecureTransport: https://github.com/mongodb/mongo/blob/2145028db135b539c51713acad6952ef36e646cf/src/mongo/util/net/ssl_manager_apple.cpp#L489

These name comparators should attempt to match IP address as well.

Case : If there is an IP address in the SAN field that is flagged with DNS Name instead of IP Address, then allow it and compare as an IP address, but flag the user with a warning upon startup of the console. 

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 22/Jul/19 ]

Author:

{'name': 'Kay Kim', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12126: 4.2 tls/ssl connection SAN ip address matching available
Branch: master
https://github.com/mongodb/docs/commit/d52d17258d8e01c7352a33d201705c34407bbba7

Generated at Thu Feb 08 08:04:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.