[SERVER-14518] Allow disabling hostname validation for SSL Created: 09/Jul/14 Updated: 27/Oct/15 Resolved: 22/Jul/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.6.4, 2.7.4 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Alexander Komyagin | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backport Completed: | |||||||||||||
| Participants: | |||||||||||||
| Description |
|
For OEM and DBaaS solutions with SSL offering, users can benefit from having the ability to disable hostname validation in mongod's (and drivers) as the exact hostnames are not known in advance. (however, CA validation is possible) |
| Comments |
| Comment by Githook User [ 23/Jul/14 ] |
|
Author: {u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: (cherry picked from commit 138d78bd6d3b28db332f263bd808ccb4f1ac6979) |
| Comment by Spencer Jackson [ 22/Jul/14 ] |
|
http://docs.mongodb.org/manual/reference/configuration-options/ should probably be updated to describe the new option. |
| Comment by Githook User [ 22/Jul/14 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'spencerjackson', u'email': u'spencerandrewjackson@yahoo.com'}Message: Merge pull request #713 from spencerjackson/
|
| Comment by Githook User [ 22/Jul/14 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'spencerjackson', u'email': u'spencerandrewjackson@yahoo.com'}Message: Merge pull request #713 from spencerjackson/
|
| Comment by Githook User [ 22/Jul/14 ] |
|
Author: {u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |
| Comment by Alexander Komyagin [ 09/Jul/14 ] |
|
we might want to introduce a global "weak validation" option to encompass this and other potential knobs (like weak validation, etc.) |