[SERVER-11109] Make it possible to switch or use multiple x.509 certificates in the shell
Created: 09/Oct/13
Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Internal Client, Shell
Affects Version/s: 2.5.2
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Andreas Nilsson
Assignee: Backlog - Security Team
Resolution: Unresolved
Votes: 0
Labels: cxxcopy, platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security
Participants:

 Description   

In our current design we have two hardcoded SSL_CTX objects for incoming and outgoing connections. This makes it impossible to create multiple outgoing connections using different certificates.

Actions:

  • Expand the SSL server/driver code to handle an arbitrary number of outgoing SSL_CTX objects.
  • Build shell functionality to specify which certificate should be used for a certain connection. This most likely involves expanding the connect() call to take a certificate path.


 Comments   
Comment by Mark Benvenuto [ 20/Aug/20 ]

Moving to Backlog and out of Epic. This was not addressed as part of the X.509 Certificate Rotation project as the project only focused on the server-side.
