[SERVER-12748] Disallow invalid combinations of sslMode and clusterAuthMode
Created: 14/Feb/14  Updated: 11/Jul/16  Resolved: 19/Feb/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.5
Fix Version/s: 2.6.0-rc0

Type: Bug
Priority: Major - P3
Reporter: Shaun Verch
Assignee: Andreas Nilsson
Resolution: Done
Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

The invalid states are as follows:

| sslMode | clusterAuthMode |
|---|---|
| disabled | sendKeyFile, sendX509, or x509 |
| allowSSL | sendX509, or x509 |

The above table must be checked at startup time. At runtime, only the following must be checked to preserve these invariants:

sendKeyFile -> sendX509: Verify that sslMode is either preferSSL or requireSSL
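
The startup table and the single runtime check described above, as an added example (not code from the MongoDB source tree). It enumerates every state to show that the one runtime check is enough to keep the startup invariant; the function names, the `keyFile` default and the set of runtime transitions (`sendKeyFile -> sendX509`, `sendX509 -> x509`) are assumptions of this sketch.

```cpp
#include <string>

// Mode names from the issue; keyFile is the one clusterAuthMode the table never restricts.
enum class SslMode { disabled, allowSSL, preferSSL, requireSSL };
enum class ClusterAuthMode { keyFile, sendKeyFile, sendX509, x509 };
using CAM = ClusterAuthMode;

// Startup check (the table in the description).
// Returns "" when the pair is allowed, otherwise the reason it is rejected.
std::string validateStartup(SslMode ssl, CAM auth) {
    if (ssl == SslMode::disabled && auth != CAM::keyFile)
        return "clusterAuthMode needs SSL, but sslMode is disabled";
    if (ssl == SslMode::allowSSL && (auth == CAM::sendX509 || auth == CAM::x509))
        return "sendX509/x509 not allowed with sslMode allowSSL";
    return "";
}

// Runtime check for a clusterAuthMode change.
// Assumption: only the forward steps sendKeyFile -> sendX509 and
// sendX509 -> x509 can be requested on a running node.
std::string validateRuntimeTransition(SslMode ssl, CAM from, CAM to) {
    if (from == CAM::sendKeyFile && to == CAM::sendX509) {
        bool outgoing = ssl == SslMode::preferSSL || ssl == SslMode::requireSSL;
        return outgoing ? "" : "sendX509 needs sslMode preferSSL or requireSSL";
    }
    if (from == CAM::sendX509 && to == CAM::x509)
        return "";  // node is already in sendX509, so the table already held
    return "unsupported clusterAuthMode transition";
}

// Enumerate all (sslMode, from, to) triples: starting from any state the
// startup check accepts, every accepted transition must land in a state
// the startup check would also accept.
bool runtimeCheckPreservesInvariant() {
    for (int s = 0; s < 4; ++s)
        for (int f = 0; f < 4; ++f)
            for (int t = 0; t < 4; ++t) {
                auto ssl = static_cast<SslMode>(s);
                auto from = static_cast<CAM>(f), to = static_cast<CAM>(t);
                if (!validateStartup(ssl, from).empty()) continue;
                if (!validateRuntimeTransition(ssl, from, to).empty()) continue;
                if (!validateStartup(ssl, to).empty()) return false;
            }
    return true;
}

int main() { return runtimeCheckPreservesInvariant() ? 0 : 1; }
```

The case the runtime check exists for is `allowSSL` with `sendKeyFile`: it passes the startup table, but moving it to `sendX509` would produce a row the table forbids.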



 Comments   
Comment by Githook User [ 10/Jun/14 ]

Author: Shaun Verch <shaun.verch@mongodb.com>

Message: SERVER-12748 Tests for invalid transitions of clusterAuthMode without outgoing SSL
Branch: master
https://github.com/mongodb/mongo/commit/71d75ac4865665f4418a5f26200506f45a6d98d1

Comment by Githook User [ 19/Feb/14 ]

Author: Andreas Nilsson (agralius) <andreas.nilsson@10gen.com>

Message: SERVER-12748 Prevent invalid sslMode and clusterAuthMode combinations
Branch: master
https://github.com/mongodb/mongo/commit/7824eac06e596d26165744229c3121af55305534

Comment by Andreas Nilsson [ 19/Feb/14 ]

http://codereview.10gen.com/4742452187496448/

Comment by Andreas Nilsson [ 18/Feb/14 ]

The first invalid state is already taken care of. We do check that SSL is enabled before allowing a clusterAuthMode requiring SSL support.
