[SERVER-32551] Cluster with x.509 membership authentication serves client connection with cluster client certificate
| Created: | 05/Jan/18 | Updated: | 30/Oct/23 | Resolved: | 12/Jan/18 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Networking, Security |
| Affects Version/s: | 3.6.0, 3.6.1 |
| Fix Version/s: | 3.6.3, 3.7.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Simone Maratea | Assignee: | Spencer Jackson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Requested: | v3.6 | ||||
| Steps To Reproduce: |
|
||||
| Sprint: | Platforms 2018-01-15 | ||||
| Participants: | |||||
| Case: | (copied to CRM) | ||||
| Description |
|
In a 3.6.0 and 3.6.1 replica set cluster with x.509 membership authentication, with distinct PEM files for the clusterFile (with "TLS Web Client Authentication" X509v3 Extended Key Usage) and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options, the client SSL connection requests are served by the client certificate (with the obvious [CONNECT_ERROR] for SSL peer certificate validation failed: unsupported certificate purpose). It affects 3.4 --> 3.6 upgraded clusters and also a fresh 3.6 installation. |
| Comments |
| Comment by Githook User [ 18/Jan/18 ] |
|
Author: Spencer Jackson <spencer.jackson@mongodb.com> (spencerjackson) Message: (cherry picked from commit d34d2ba2b34cc18f8c853ecaa5a9cc59f587282b) |
| Comment by Githook User [ 12/Jan/18 ] |
|
Author: Spencer Jackson <spencer.jackson@mongodb.com> (spencerjackson) Message: |