[SERVER-13612] SSL-enabled server appears to not be sending the list of supported certificate issuers to the client
Created: 16/Apr/14  Updated: 11/Jul/16  Resolved: 22/Apr/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.6.0
Fix Version/s: 2.6.2, 2.7.0

Type: Bug
Priority: Major - P3
Reporter: Jeffrey Yemin
Assignee: Andreas Nilsson
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Operating System: ALL
Backport Completed:
Steps To Reproduce:

mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem --sslCAFile client-cert.crt

Participants:

 Description   

If a client has more than one key available for an SSL handshake with mutual authentication, it has two means available to choose which one to send to the server:

  1. the list of key types supported by the server (e.g., RSA, DSA)
  2. the list of supported certificate issuers

The client should send a key only if it is one of the types listed, and issued by one of the issuers listed.

It appears that the server is not sending the client the list of certificate issuers.
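The two selection criteria described in this report can be shown in code. The following is an added example, not part of the original report or the MongoDB code base: it parses a TLS 1.2 CertificateRequest body (layout per RFC 5246, section 7.4.4) and applies both filters to a client key store. The helper names, the key labels and the CA names are constructed for illustration, and the TLS 1.2 message layout is an assumption about the negotiated version.

```python
import struct

def der_cn(cn):
    """DER-encode a one-RDN Name with a short commonName (constructed sample data)."""
    v = cn.encode()
    atv = b"\x30" + bytes([7 + len(v)]) + b"\x06\x03\x55\x04\x03\x0c" + bytes([len(v)]) + v
    rdn = b"\x31" + bytes([len(atv)]) + atv
    return b"\x30" + bytes([len(rdn)]) + rdn

def build_certificate_request(types, sigalgs, cas):
    """Serialize a TLS 1.2 CertificateRequest body (RFC 5246, section 7.4.4)."""
    sa = b"".join(bytes(pair) for pair in sigalgs)
    ca = b"".join(struct.pack("!H", len(dn)) + dn for dn in cas)
    return (bytes([len(types)]) + bytes(types)
            + struct.pack("!H", len(sa)) + sa
            + struct.pack("!H", len(ca)) + ca)

def parse_certificate_request(body):
    """Return (certificate_types, certificate_authorities) from the body."""
    n = body[0]
    types = list(body[1:1 + n])
    off = 1 + n
    (sa_len,) = struct.unpack_from("!H", body, off)
    off += 2 + sa_len                      # skip supported_signature_algorithms
    (ca_len,) = struct.unpack_from("!H", body, off)
    off += 2
    end = off + ca_len
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    cas = []
    while off < end:
        (dn_len,) = struct.unpack_from("!H", body, off)
        off += 2
        if dn_len == 0 or off + dn_len > end:
            raise ValueError("malformed DistinguishedName entry")
        cas.append(body[off:off + dn_len])
        off += dn_len
    return types, cas

def eligible_keys(candidates, body):
    """candidates: (label, certificate_type, issuer_der). Apply both filters."""
    types, cas = parse_certificate_request(body)
    # An empty issuer list gives the client nothing to filter on.
    return [label for label, ctype, issuer in candidates
            if ctype in types and (not cas or issuer in cas)]

# Constructed client key store: two RSA keys (rsa_sign = 1) from different CAs.
KEYS = [("key-a", 1, der_cn("CA-A")), ("key-b", 1, der_cn("CA-B"))]
WITH_CAS = build_certificate_request([1, 2], [(4, 1)], [der_cn("CA-B")])
NO_CAS = build_certificate_request([1, 2], [(4, 1)], [])
```

With the issuer list present, `eligible_keys(KEYS, WITH_CAS)` narrows to one key; with the empty list that this issue describes, both keys remain eligible and the client has to pick by some other means.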



 Comments   
Comment by Githook User [ 25/May/14 ]

Author: Andreas Nilsson (username: agralius, email: andreas.nilsson@10gen.com)

Message: SERVER-13612 Send list of allowed SSL CAs to clients

(cherry picked from commit 1be16d8968c6bf39f01c4b3e98f854571a337823)
Branch: v2.6
https://github.com/mongodb/mongo/commit/28f06d9343c06e7f2ac46e98bf264f5f9aab8b7f

Comment by Githook User [ 22/Apr/14 ]

Author: Andreas Nilsson (username: agralius, email: andreas.nilsson@10gen.com)

Message: SERVER-13612 Send list of allowed SSL CAs to clients
Branch: master
https://github.com/mongodb/mongo/commit/1be16d8968c6bf39f01c4b3e98f854571a337823
