[SERVER-42287] SNI names are not allowed to include IP addresses Created: 18/Jul/19  Updated: 29/Oct/23  Resolved: 06/Sep/19

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.3.1

Type: Bug Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Adam Cooper (Inactive)
Resolution: Fixed Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-41045 Add SNI support for windows SSL Closed
Problem/Incident
causes SERVER-43234 Fix temporary changes made to SERVER-... Closed
Related
Backwards Compatibility: Minor Change
Operating System: ALL
Sprint: Security 2019-07-29, Security 2019-08-12, Security 2019-08-26, Security 2019-09-09
Participants:
Linked BF Score: 0

 Description   

Per RFC 6066:

3. Server Name Indication
...
Literal IPv4 and IPv6 addresses are not permitted in "HostName".

MongoD currently sends 127.0.0.1 instead of localhost in local testing. Discovered when using the encrypted storage engine to talk to a kmip server using rustls.



 Comments   
Comment by Githook User [ 01/Oct/19 ]

Author:

{'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-43234 Fix temporary changes made to SERVER-42287
Branch: master
https://github.com/mongodb/mongo/commit/8be05f0607113b2406d6d6c4fc5c0f998b012812

Comment by Githook User [ 07/Sep/19 ]

Author:

{'username': 'benety', 'email': 'benety@mongodb.com', 'name': 'Benety Goh'}

Message: SERVER-42287 sni_name_advertisement.js runs whatsmysni on primary shard instead of using multicast
Branch: master
https://github.com/mongodb/mongo/commit/f418bf9647a7f117abb85d94fa94701615e4e948

Comment by Githook User [ 07/Sep/19 ]

Author:

{'name': 'Benety Goh', 'username': 'benety', 'email': 'benety@mongodb.com'}

Message: SERVER-42287 remove trailing null characters from SNI name under mac os x
Branch: master
https://github.com/mongodb/mongo/commit/903e13a149ff05531be4658a8ee87c6e9d277727

Comment by Githook User [ 07/Sep/19 ]

Author:

{'name': 'Benety Goh', 'username': 'benety', 'email': 'benety@mongodb.com'}

Message: SERVER-42287 fix windows openssl compile
Branch: master
https://github.com/mongodb/mongo/commit/87eac524b932b132dac3c8fdad556499c54cc558

Comment by Githook User [ 06/Sep/19 ]

Author:

{'name': 'Benety Goh', 'username': 'benety', 'email': 'benety@mongodb.com'}

Message: SERVER-42287 fix mac os x compile
Branch: master
https://github.com/mongodb/mongo/commit/d71bcf6c01b4069890c07dc94b6ece54f03d9a8c

Comment by Githook User [ 06/Sep/19 ]

Author:

{'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-42287 SNI names are not allowed to include IP addresses
Branch: master
https://github.com/mongodb/mongo/commit/1a356ca342019c8cf9f779d54c06f341ceeb32ab

Comment by Githook User [ 06/Sep/19 ]

Author:

{'name': 'Adam Cooper', 'username': 'super-cooper', 'email': 'adam.cooper@mongodb.com'}

Message: SERVER-42287 SNI names are not allowed to include IP addresses
Branch: master
https://github.com/mongodb/mongo/commit/3e6f3e9144e33790711b0b656bae85ed5015504b

Generated at Thu Feb 08 05:00:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.