[DOCS-8074] Question about net.ssl.mode documentation Created: 23/Mar/16  Updated: 30/Oct/23  Resolved: 17/Oct/18

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Task Priority: Major - P3
Reporter: Kai Orend Assignee: Kay Kim (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 5 years, 17 weeks ago
Epic Link: DOCSP-1769
Story Points: 1

 Description   

https://docs.mongodb.org/manual/reference/configuration-options/#net.ssl.mode

I am not completely sure whether I don't understand the following paragraph or if it should be the other way around:

If the client presents a certificate and the mongos or mongod has net.ssl.allowConnectionsWithoutCertificates enabled, the mongos or mongod will validate the certificate using the root certificate chain specified by CAFile and reject clients with invalid certificates.

I would have expected that if allowConnectionsWithoutCertificates is enabled it would accept connections without a valid certificate, and not the other way around. Or does this mean that if this is enabled and a certificate is given by the connection, then it has to be a valid certificate but connections without a certificate would be accepted as well?



 Comments   
Comment by Githook User [ 17/Oct/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-8074: clarify sslAllowConnectionsWithoutCertificates
Branch: v3.4
https://github.com/mongodb/docs/commit/1e1b5cfcffc6f75fe74e816b6a8094876300a81f

Comment by Githook User [ 17/Oct/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-8074: clarify sslAllowConnectionsWithoutCertificates
Branch: v3.6
https://github.com/mongodb/docs/commit/423fc205fa284102bb972eb372d89c702df911fc

Comment by Githook User [ 17/Oct/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-8074: clarify sslAllowConnectionsWithoutCertificates
Branch: v4.0
https://github.com/mongodb/docs/commit/95b592a631fb877d3fbfaa9882f38705d6b78405

Comment by Githook User [ 17/Oct/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-8074: clarify sslAllowConnectionsWithoutCertificates
Branch: master
https://github.com/mongodb/docs/commit/f31ea8eefd3da43cb5462825e952c4e1489dddc5

Generated at Thu Feb 08 07:55:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.