[SERVER-17632] Several certificates in jstests/lib have incorrect X509v3 Subject Alternative Name specifications Created: 17/Mar/15  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security
Affects Version/s: 3.0.0
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by JAVA-1687 Enable SSL host name verification for... Closed
Assigned Teams:
Server Security
Participants:

 Description   

Subject Alternative Names that are IP addresses have to be specifically identified as such. But server.pem and several others in jstests/lib have this:

        X509v3 Subject Alternative Name:
                DNS:localhost, DNS:127.0.0.1

whereas it should be:

        X509v3 Subject Alternative Name:
                DNS:localhost, IP:127.0.0.1

Correctly written clients will fail to connect on 127.0.0.1 to a server presenting this certificate.



 Comments   
Comment by Stuart Larsen (Inactive) [ 11/May/18 ]

The tool was redeployed after the fix. It's currently running on techops deis/atlas. 

If the tool goes down I'll kick it, but that's pretty much all I do for it. If the tool is providing value to teams we should look at finding a real owner for it.

Generated at Thu Feb 08 03:45:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.