[SERVER-17632] Several certificates in jstests/lib have incorrect X509v3 Subject Alternative Name specifications Created: 17/Mar/15 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.0.0 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Jeffrey Yemin | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | platforms-re-triaged | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Assigned Teams: |
Server Security
|
||||||||
| Participants: | |||||||||
| Description |
|
Subject Alternative Names that are IP addresses have to be specifically identified as such. But server.pem and several others in jstests/lib have this:
whereas it should be:
Correctly written clients will fail to connect on 127.0.0.1 to a server presenting this certificate. |
| Comments |
| Comment by Stuart Larsen (Inactive) [ 11/May/18 ] |
|
The tool was redeployed after the fix. It's currently running on techops deis/atlas. If the tool goes down I'll kick it, but that's pretty much all I do for it. If the tool is providing value to teams we should look at finding a real owner for it. |