[SERVER-14713] mongo shell default ssl behavior Created: 29/Jul/14  Updated: 11/Jul/16  Resolved: 24/Sep/14

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: None
Fix Version/s: 2.7.7

Type: Bug Priority: Major - P3
Reporter: Cory Mintz Assignee: Amalia Hawkins
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-11107 By default, mongod should not start w... Closed
Operating System: ALL
Participants:

 Description   

When using the mongo shell to connect to a mongod/mongos running with ssl, there would be less confusion over the shell's behavior if the user had to explicitly say whether they wanted certificate verification or don't.

i.e. you must specific either --sslCAFile or --skipCertificateCheck



 Comments   
Comment by Githook User [ 26/Sep/14 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-14713 fix false positives for ssl tests
Branch: master
https://github.com/mongodb/mongo/commit/128ef4c4bcf312fbe6339181e377d12744165cf9

Comment by Githook User [ 26/Sep/14 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-14713 Specify sslAllowInvalidCertificates flag in sslSpecial tests to pass with mongo shell changes
Branch: master
https://github.com/mongodb/mongo/commit/e402881e004283d292dd3e483a9df1dbd2b066e2

Comment by Githook User [ 25/Sep/14 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-14713: User must specify either sslAllowInvalidCertificates or sslCAFile when starting mongo shell in SSL mode.
Branch: master
https://github.com/mongodb/mongo/commit/3a5ea7b224b97b77cc5e21d89a41ebb762cc177c

Comment by Githook User [ 25/Sep/14 ]

Author:

{u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}

Message: Revert "SERVER-14713: User must specify either sslAllowInvalidCertificates or sslCAFile when starting mongo shell in SSL mode."

This reverts commit 0c46836a9befaff86825a8238027c8b4223ca14c.
Branch: master
https://github.com/mongodb/mongo/commit/a83553d6bff77a16f797a32c293a6832d4b72743

Comment by Githook User [ 24/Sep/14 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-14713: User must specify either sslAllowInvalidCertificates or sslCAFile when starting mongo shell in SSL mode.
Branch: master
https://github.com/mongodb/mongo/commit/0c46836a9befaff86825a8238027c8b4223ca14c

Comment by Eric Milkie [ 29/Jul/14 ]

In 2.7.4, we added a feature to the server so it will no longer start if it has an expired or invalid certificate: SERVER-11107
This may help reduce the confusion.

Generated at Thu Feb 08 03:35:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.