[SERVER-11232] specifying pem file option on shell should automatically indicate ssl option Created: 17/Oct/13  Updated: 10/Dec/14  Resolved: 23/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.2
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Sridhar Nanjundeswaran Assignee: Shaun Verch
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows 7 Enterprise Build on 2008 R2
Git hash:
mongo - 1ea7e56cb2b8653d4b0453f04728033df34be9e1
enterprise - d919ef07f817832732d2a0a2ec68251bc161193a


Issue Links:
Depends
Related
is related to SERVER-11248 --ssl should be required if you use ... Closed
Operating System: ALL
Steps To Reproduce:
  • mongod started with sslOnNormalPorts and PEM file
  • Connect mongo shell with --sslPEMKeyFile
Participants:

 Description   

This gives
mongo.exe --sslPEMKeyFile c:\Users\qa377\Downloads\pems\client.pem
MongoDB shell version: 2.5.3-pre-
connecting to: test
2013-10-17T04:33:40.649+0000 Socket recv() errno:10054 An existing connection was forcibly closed by the remote host. 127.0.0.1:27017
2013-10-17T04:33:40.649+0000 SocketException: remote: 127.0.0.1:27017 error: 9001 socket exception [RECV_ERROR] server [127.0.0.1:27017]
2013-10-17T04:33:40.665+0000 DBClientCursor::init call() failed
2013-10-17T04:33:40.680+0000 Error: DBClientBase::findN: transport error: 127.0.0.1:27017 ns: admin.$cmd query:

{ whatsmyuri: 1 }

at src/mongo/shell/mongo.js:146
exception: connect failed

This is same error when connecting without SSL option. Specify the PEM file should default specifying --ssl



 Comments   
Comment by Shaun Verch [ 23/Oct/13 ]

Closing as "works as designed" because the way we really want to fix this is SERVER-11248, so the issue described in this ticket is the way it should work (pem file not implying --ssl)

Comment by Andreas Nilsson [ 17/Oct/13 ]

I think the shell should act consistent with the server. That is, --ssl should be required for specifying --sslPEMKeyFile. sverch is there a standard way to handle shell parameter dependencies like there is for the server?

Generated at Thu Feb 08 03:25:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.