[DOCS-4584] server option net.ssl.allowInvalidHostnames is not documented Created: 28/Dec/14  Updated: 16/Mar/15  Resolved: 02/Jan/15

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: v1.3.16

Type: Improvement Priority: Major - P3
Reporter: Carl D'Halluin Assignee: Sam Kleinman (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 9 years, 6 weeks, 5 days ago

 Description   

When setting up a replicaset using SSL, people might rely on certificates signed by a trusted parent certificate. In this case they might not use hostnames at all.

A Mongo server does not want to connect to another Mongo server if the SSL hostname doesnt match. Setting net.ssl.allowInvalidCertificates to true solves this, but also makes the whole setup completely insecure.

The option net.ssl.allowInvalidHostnames works and is very useful and secure for such setups.

I found it in the code (also as an option to the mongo shell), but not in the documentation: http://docs.mongodb.org/manual/reference/configuration-options/#net.ssl.allowInvalidCertificates



 Comments   
Comment by Githook User [ 02/Jan/15 ]

Author:

{u'username': u'tychoish', u'name': u'Sam Kleinman', u'email': u'samk@10gen.com'}

Message: DOCS-4584: clarify version added date
Branch: v2.6
https://github.com/mongodb/docs/commit/e7c5c83109c0a8fc48088a95c3d83637e3d5df15

Comment by Carl D'Halluin [ 28/Dec/14 ]

I saw this in the 2.6.4 src code and higher. It is not present in 2.6.3 or before.

Generated at Thu Feb 08 07:48:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.