[SERVER-13095] Fail to start without certificate authority when ssl is enabled unless --sslAllowInvalidCertificates is also specified
Created: 07/Mar/14  Updated: 05/May/14  Resolved: 13/Mar/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.6.0-rc1
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Tyler Brock
Assignee: Andreas Nilsson
Resolution: Done
Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

The warning we have currently is not enough:

2014-03-07T12:49:45.742-0500 warning: No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter

Users should have to additionally specify --sslAllowInvalidCertificates in order to start the server when:

  • SSL is enabled in any way
  • No certificate has been provided via --sslCAFile

It is extremely easy to not see the warning and assume that certificate validation is occurring.
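
The rule proposed in this description, written as a pre-flight check over a mongod command line. This is an added example, not part of the ticket and not MongoDB's code. The function names and sample arguments are constructed; only command-line options are inspected (a config file is not read), and --sslMode and --sslOnNormalPorts are assumed to be the ways SSL gets enabled.

```python
# Added example: deployment-side check for the condition this ticket describes.
# Option names are mongod 2.6 command-line flags; everything else is constructed.

def parse_options(argv):
    """Parse '--name value', '--name=value' and bare '--name' into a dict."""
    opts, i = {}, 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            name, sep, val = tok[2:].partition("=")
            # A following token that is not itself an option is this option's value.
            if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                val, i = argv[i + 1], i + 1
            opts[name] = val
        i += 1
    return opts


def check_ssl_startup(argv):
    """Return (ok, reason) for a mongod argument list."""
    opts = parse_options(argv)
    # "SSL is enabled in any way": legacy switch or any non-disabled sslMode.
    ssl_on = ("sslOnNormalPorts" in opts
              or opts.get("sslMode", "disabled") != "disabled")
    if not ssl_on:
        return True, "SSL not enabled"
    if opts.get("sslCAFile"):
        return True, "CA file provided"
    if "sslAllowInvalidCertificates" in opts:
        return True, "certificate validation explicitly waived"
    return False, "SSL enabled without --sslCAFile; no validation would occur"


if __name__ == "__main__":
    # Constructed sample command lines.
    samples = [
        ["mongod", "--sslMode", "requireSSL", "--sslPEMKeyFile", "/etc/ssl/mongod.pem"],
        ["mongod", "--sslMode=requireSSL", "--sslCAFile=/etc/ssl/ca.pem"],
        ["mongod", "--sslOnNormalPorts", "--sslAllowInvalidCertificates"],
    ]
    for argv in samples:
        ok, reason = check_ssl_startup(argv)
        print("OK  " if ok else "FAIL", " ".join(argv), "->", reason)
```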



 Comments   
Comment by Tyler Brock [ 13/Mar/14 ]

It works as expected for me via the command line. When the server is started without the CA file it does not authenticate a user via x509.

Comment by Andy Schwerin [ 07/Mar/14 ]

tyler@10gen.com et al will confirm that unvalidated user certificates cannot be used for client authentication. If that is true, we'll resolve this as "not a bug", since failure to supply a CA file was synonymous with "do not require clients to present certificates" in the original design.

Comment by Eric Milkie [ 07/Mar/14 ]

I'd rather not make this situation an error on startup. Since no one will be able to connect, any administrator who starts the server in this way will very soon discover the problem and correct it.
