[SERVER-35418] Allow specifying CAs for incoming and outgoing connections separately
Created: 05/Jun/18 | Updated: 29/Oct/23 | Resolved: 29/Aug/18
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.4.18, 3.6.9, 4.0.3, 4.1.3 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Cory Mintz | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Backport Requested: | v4.0, v3.6, v3.4 |
| Sprint: | Security 2018-09-10 |
| Participants: | |
| Case: | (copied to CRM) |
| Linked BF Score: | 0 |
| Description |
|
The current MongoDB parameter sslCAFile is used for both: Overloading both of these uses into the same parameter prevents safely running MongoDB with an sslPEMKeyFile signed by a public CA and also allowing the use of X509 authentication. |
| Comments |
| Comment by Githook User [ 20/Sep/18 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}
Message: (cherry picked from commit 17ccef2b9f0c71b60d31b84b8824215ff87f03aa) Option names mapped from tls* to ssl* |
| Comment by Matt Lord (Inactive) [ 29/Aug/18 ] |
|
The Atlas team has requested that we backport this work to all of their supported versions (3.2 is EOL in Sept 2018) if possible. |
| Comment by Githook User [ 29/Aug/18 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}
Message: |