[SERVER-36420] SecTrustCopyAnchorCertificates is not safe to use after a fork Created: 02/Aug/18  Updated: 29/Oct/23  Resolved: 21/Aug/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.0.4, 4.1.3

Type: Bug Priority: Major - P3
Reporter: Jonathan Reams Assignee: Jonathan Reams
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.0
Sprint: Platforms 2018-08-27
Participants:
Linked BF Score: 35

 Description   

In our death test unit tests we've started to see segfaults inside of SecTrustCopyAnchorCertificates after fork() when spinning up a NetworkInterface with SSL (see BF-9858).



 Comments   
Comment by Githook User [ 12/Oct/18 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-36420 Only load anchor certificates at startup on OSX w/OpenSSL

(cherry picked from commit 2903d3f57d9fb045faa72f8748be910fccd58b1a)
Branch: v4.0
https://github.com/mongodb/mongo/commit/f68a175ffe75336cef7d95a4c9fd3f8a4ae6922d

Comment by Githook User [ 21/Aug/18 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-36420 Only load anchor certificates at startup on OSX w/OpenSSL
Branch: master
https://github.com/mongodb/mongo/commit/2903d3f57d9fb045faa72f8748be910fccd58b1a

Comment by Max Hirschhorn [ 16/Aug/18 ]

jonathan.reams, does this impact the --fork option to mongod or is it really only limited to the death tests' usage of fork()?

Generated at Thu Feb 08 04:43:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.