[SERVER-35196] Unable to X.509 authenticate using a client certificate with a subjectAltName component
Created: 23/May/18 | Updated: 29/Oct/23 | Resolved: 06/Jun/18
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.0.0-rc0 |
| Fix Version/s: | 4.0.0-rc3, 4.1.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Timothy Olsen (Inactive) | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Steps To Reproduce: | 1. Generate appropriate PEM keyfiles. Have the subject for your client certificate include a subjectAltName component. 2. Start mongod. 3. Insert user with the username matching the client certificate subject. 4. Connect to the mongod using the client certificate and try to authenticate using X.509 auth. |
| Sprint: | Platforms 2018-06-18 |
| Participants: | |
| Description |
|
I believe this is a regression introduced in 4.0.0-rc0. The same automated test of ours that triggered this did not have this problem with 3.7.9. I have seen this happen on Amazon Linux and macOS. Basically, if I have a PEM key file with a certificate with a subjectAltName component:
And that user exists on the mongod:
This is what happens when I try to authenticate:
|
| Comments |
| Comment by Githook User [ 06/Jun/18 ] |
|
Author: {'username': 'sgolemon', 'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com'} Message: (cherry picked from commit 23cd748c2df0800d908bb6c0e8b29d6f6ef7d0da) |
| Comment by Githook User [ 06/Jun/18 ] |
|
Author: {'username': 'sgolemon', 'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com'} Message: |