[SERVER-37793] SSL - SAN parsing issue Created: 28/Oct/18  Updated: 29/Oct/18  Resolved: 29/Oct/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 3.6.6
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: George Solymosi Assignee: Kelsey Schubert
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-24591 Support hostname validation with IP a... Closed
Operating System: ALL
Participants:

 Description   

Fedora 28

MongoDB server version: 3.6.3

I'm trying to access mongoDB via mongo shell through SSL with SAN using IP addresses:
 
[SAN]
subjectAltName = @alt_names
 
[alt_names]
IP.1 = 99.999.99.001
IP.2 = 99.999.99.001
 
But I always got the error:

[thread1] Error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name. Hostname: 99.999.99.999 does not match SAN(s): :
 
Notice empty list i.e. : : after SAN(s)!
 
Several long hours and reference searching I've got to a similar issue:
https://jira.mongodb.org/browse/SERVER-24533

Then I tried replace IP.1 to DNS.1:

DNS.1 = 99.999.99.001

 

which is not a preferred way of functionality, I guess.

 



 Comments   
Comment by George Solymosi [ 29/Oct/18 ]

Hi Kelsey,

Thank you for the info.

Kind regards,

George

Comment by Kelsey Schubert [ 29/Oct/18 ]

Hi georgegssy,

Thanks for reporting this behavior. We're tracking the work to support hostname validation with IP addresses in SAN in SERVER-24591. Please feel free to vote for SERVER-24591 and watch it for updates.

Kind regards,
Kelsey

Generated at Thu Feb 08 04:47:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.