[SERVER-13095] Fail to start without certificate authority when ssl is enabled unless --sslAllowInvalidCertificates is also specified
| Created: 07/Mar/14 | Updated: 05/May/14 | Resolved: 13/Mar/14 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.6.0-rc1 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Tyler Brock | Assignee: | Andreas Nilsson |
| Resolution: | Done | Votes: | 0 |
| Labels: | 26qa |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Participants: |
| Description |
|
The warning we have currently is not enough:
Users should have to additionally specify --sslAllowInvalidCertificates in order to start the server when:
It is extremely easy to not see the warning and assume that certificate validation is occurring. |
| Comments |
| Comment by Tyler Brock [ 13/Mar/14 ] |
|
It works as expected for me via the command line. When the server is started without the CA file it does not authenticate a user via x509. |
| Comment by Andy Schwerin [ 07/Mar/14 ] |
|
tyler@10gen.com et al will confirm that unvalidated user certificates cannot be used for client authentication. If that is true, we'll resolve this as "not a bug", since failure to supply a CA file was synonymous with "do not require clients to present certificates" in the original design. |
| Comment by Eric Milkie [ 07/Mar/14 ] |
|
I'd rather not make this situation an error on startup. Since no one will be able to connect, any administrator who starts the server in this way will very soon discover the problem and correct it. |