[SERVER-34545] InternalError Unable to convert CoreFoundation string on Mac Created: 18/Apr/18  Updated: 29/Oct/23  Resolved: 19/Apr/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.7.4
Fix Version/s: 3.7.6

Type: Bug Priority: Major - P3
Reporter: Shane Harvey Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: OS X
Sprint: Platforms 2018-04-23
Participants:

 Description   

The mongo shell fails

$ ~ /Users/shane/Downloads/mongodb-osx-x86_64-enterprise-3.7.4/bin/mongo --ssl --sslPEMKeyFile=/Users/shane/git/mongo-python-driver/test/certificates/client.pem
Failed global initialization: InternalError Unable to convert CoreFoundation string

Mongod starts but is unable to accept any connections:

$ cat config.txt
bind_ip=localhost
port=27017
ipv6=true
sslOnNormalPorts=true
sslWeakCertificateValidation=true
sslCAFile=/Users/shane/git/mongo-python-driver/test/certificates/ca.pem
sslPEMKeyFile=/Users/shane/git/mongo-python-driver/test/certificates/server.pem
dbpath=/var/folders/lm/b1r2f8p503xg40r6x2rqv7fr0000gp/T/mongo-oy2q7nj0
networkMessageCompressors=zlib,snappy,noop
setParameter = enableTestCommands=1
$ /Users/shane/Downloads/mongodb-osx-x86_64-enterprise-3.7.4/bin/mongod --config config.txt
...
2018-04-18T11:04:48.244-0700 I NETWORK  [listener] connection accepted from 127.0.0.1:63630 #103 (1 connection now open)
2018-04-18T11:04:48.322-0700 I NETWORK  [conn103] Error receiving request from client: InternalError: Unable to convert CoreFoundation string. Ending connection from 127.0.0.1:63630 (connection id: 103)
2018-04-18T11:04:48.322-0700 I NETWORK  [conn103] end connection 127.0.0.1:63630 (0 connections now open)

$ python3.6
Python 3.6.1 (v3.6.1:69c0db5050, Mar 21 2017, 01:21:04)
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> c = MongoClient(ssl_certfile='/Users/shane/git/mongo-python-driver/test/certificates/client.pem', ssl_cert_reqs=None, ssl_match_hostname=False,ssl_ca_certs='/Users/shane/git/mongo-python-driver/test/certificates/ca.pem')
>>> c.admin.command('ismaster')

The certificates used are the python drivers test certs: https://github.com/mongodb/mongo-python-driver/tree/master/test/certificates



 Comments   
Comment by Githook User [ 19/Apr/18 ]

Author:

{'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto', 'name': 'Mark Benvenuto'}

Message: SERVER-34545 Handle empty RDNs in Certificate subject names
Branch: master
https://github.com/mongodb/mongo/commit/77a1aa2e1b1556c9ba88acd13c7fa1621c24a801

Generated at Thu Feb 08 04:37:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.