[SERVER-4406] Better warnings for missing SSL settings in mongod.conf Created: 01/Dec/11  Updated: 11/Jul/16  Resolved: 15/Dec/11

Status: Closed
Project: Core Server
Component/s: Usability
Affects Version/s: 2.0.1
Fix Version/s: 2.1.0

Type: Improvement Priority: Minor - P4
Reporter: Brandon Diamond Assignee: Brandon Diamond
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

SSL enabled 2.0.1 64bit linux


Issue Links:
Related
Participants:

 Description   

Can't start when using a mongod.conf file that has the sslPEMKeyFile value set and no value for sslOnNormalPorts or sslPEMKeyPassword.

On the primary:

Tue Nov 22 04:34:31 [conn3] replSet replSetInitiate admin command received from client
Tue Nov 22 04:34:31 [conn3] replSet replSetInitiate config object parses ok, 3 members specified
Tue Nov 22 04:34:31 [conn3] replSet warning example.com:27017 replied:

{ errmsg: "need to login", ok: 0.0 }

On one of the other members:

Tue Nov 22 04:34:31 [initandlisten] connection accepted from 1.1.3.4:54322 #4
Tue Nov 22 04:34:31 [conn4] authenticate:

{ authenticate: 1, nonce: "2d2d2d2dd2d2d", user: "__system", key: "1372387dbd372e7328398dbd" }

Tue Nov 22 04:34:31 [conn4] end connection 1.1.3.4:54322

Fixing the mongod.conf to not set any of the 3 SSL options resolved the issue.

It may be better to have the mongod config / command line validation create a more visible warning related to SSL settings



 Comments   
Comment by auto [ 14/Dec/11 ]

Author:

{u'login': u'', u'name': u'Brandon Diamond', u'email': u'brandon@10gen.com'}

Message: SERVER-4406: Avoid failing silently with bad SSL options
Branch: master
https://github.com/mongodb/mongo/commit/2100da5aa5d5779af02c8945c8f5e43b6489dc32

Generated at Thu Feb 08 03:05:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.