[SERVER-34517] getMore in session while running with TLS fails Created: 17/Apr/18 Updated: 29/Oct/23 Resolved: 01/Jun/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying, Security, Sharding |
| Affects Version/s: | 4.0.0-rc0 |
| Fix Version/s: | 4.0.0-rc5, 4.1.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Charlie Swanson | Assignee: | Misha Tyulenev |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||||||
| Backport Requested: |
v4.0
|
||||||||||||||||||||||||||||||||
| Steps To Reproduce: |
The test doesn't seem to reproduce if the sharded cluster is not set up with SSL/TLS. It also seems to only impact listIndexes cursors, it does not affect find cursors or even aggregate cursors which are also globally managed. The test is not fixed by applying the patch for |
||||||||||||||||||||||||||||||||
| Sprint: | Sharding 2018-06-04 | ||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||
| Description |
|
When executing a query as part of a session with TLS enabled the following error is encountered:
|
| Comments |
| Comment by Githook User [ 07/Jun/18 ] | ||||
|
Author: {'username': 'mikety', 'name': 'Misha Tyulenev', 'email': 'misha@mongodb.com'}Message: (cherry picked from commit 5eb20d1ed6d5fd852b2192450dadbae0eec33278) | ||||
| Comment by Githook User [ 01/Jun/18 ] | ||||
|
Author: {'username': 'mikety', 'name': 'Misha Tyulenev', 'email': 'misha@mongodb.com'}Message: | ||||
| Comment by Misha Tyulenev [ 11/May/18 ] | ||||
|
Discussed with Jeff - from the current driver's test it only affects listIndexes and listCollections commands. Will take a look | ||||
| Comment by Kaloian Manassiev [ 11/May/18 ] | ||||
|
Given Charlie's comment above, where the SHA256 signature doesn't match, passing this on to the Platforms team. | ||||
| Comment by Charlie Swanson [ 17/Apr/18 ] | ||||
|
This also appears to affect the listCollections command. | ||||
| Comment by Charlie Swanson [ 17/Apr/18 ] | ||||
|
Actually, something suspicious in the log output. It looks like mongos actually did send the getMore with the lsid attached:
But it looks like mongod agrees on the session id, but not the SHA256 block? It looks like the two pieces printed below (separated by the "-") correspond to the UUID and the SHA256Block, correspondingly - assuming we're using this StringBuilder operator<<(StringBuilder&, LocialSessionId&).
I'm sending this over to sharding for investigation. |