[SERVER-13612] SSL-enabled server appears to not be sending the list of supported certificate issuers to the client
Created: 16/Apr/14 Updated: 11/Jul/16 Resolved: 22/Apr/14
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.6.0 |
| Fix Version/s: | 2.6.2, 2.7.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Jeffrey Yemin | Assignee: | Andreas Nilsson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Operating System: | ALL |
| Backport Completed: | |
| Steps To Reproduce: | mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt |
| Participants: | |
| Description |
|
If a client has more than one key available for an SSL handshake with mutual authentication, it has two means available to choose which one to send to the server:
The client should send a key only if it is one of the types listed, and issued by one of the issuers listed. It appears that the server is not sending the client the list of certificate issuers.
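The certificate types and issuers the description mentions are carried in the server's CertificateRequest handshake message. As an added example (not from the ticket or the MongoDB code base), this parses a TLS 1.2 CertificateRequest (RFC 5246, section 7.4.4) and reports whether the issuer list is empty; the sample messages and the `Test CA` name are constructed, and the TLS 1.0/1.1 layout, which lacks the signature-algorithms field, is not handled.

```python
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 64: "ecdsa_sign"}

def parse_certificate_request(msg: bytes) -> dict:
    """Parse one TLS 1.2 handshake message of type certificate_request (13)."""
    if len(msg) < 4 or msg[0] != 13:
        raise ValueError("not a CertificateRequest handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match body")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated field")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    types = list(take(take(1)[0]))                  # certificate_types
    sig_raw = take(int.from_bytes(take(2), "big"))  # supported_signature_algorithms
    ca_raw = take(int.from_bytes(take(2), "big"))   # certificate_authorities
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    issuers, i = [], 0
    while i < len(ca_raw):                          # 2-byte length + DER-encoded Name
        n = int.from_bytes(ca_raw[i:i + 2], "big")
        if i + 2 + n > len(ca_raw):
            raise ValueError("truncated DistinguishedName")
        issuers.append(ca_raw[i + 2:i + 2 + n])
        i += 2 + n
    return {"types": [CERT_TYPES.get(t, t) for t in types],
            "sig_algs": [tuple(sig_raw[j:j + 2]) for j in range(0, len(sig_raw), 2)],
            "issuers": issuers,
            "advertises_issuers": bool(issuers)}

def build_certificate_request(types, sig_algs, issuers) -> bytes:
    """Build a constructed message for the sample data below."""
    sigs = b"".join(bytes(p) for p in sig_algs)
    cas = b"".join(len(dn).to_bytes(2, "big") + dn for dn in issuers)
    body = (bytes([len(types)]) + bytes(types) + len(sigs).to_bytes(2, "big") + sigs
            + len(cas).to_bytes(2, "big") + cas)
    return b"\x0d" + len(body).to_bytes(3, "big") + body

# Constructed sample data: DER Name for "CN=Test CA", RSA client certs, sha256/rsa.
TEST_CA_DN = bytes.fromhex("30123110300e06035504030c07") + b"Test CA"
WITHOUT_ISSUERS = build_certificate_request([1], [(4, 1)], [])
WITH_ISSUERS = build_certificate_request([1], [(4, 1)], [TEST_CA_DN])
```

Against a live server, `openssl s_client -connect host:port` (placeholder address) prints the same list under "Acceptable client certificate CA names".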
| Comments |
| Comment by Githook User [ 25/May/14 ] |
Author: Andreas Nilsson (agralius) <andreas.nilsson@10gen.com>
Message: (cherry picked from commit 1be16d8968c6bf39f01c4b3e98f854571a337823)
| Comment by Githook User [ 22/Apr/14 ] |
Author: Andreas Nilsson (agralius) <andreas.nilsson@10gen.com>
Message: