[SERVER-49080] Include TLS SNI extensions advertised by clients in debug logs Created: 24/Jun/20  Updated: 29/Oct/23  Resolved: 30/Jul/20

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: None
Fix Version/s: 4.7.0

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Gabriel Marks
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
Backwards Compatibility: Fully Compatible
Sprint: Security 2020-08-10
Participants:
Case:

 Description   

The TLS SNI extension is advertised by clients, to indicate the server name they believe they are connecting to. Servers are expected to use this information to, for example, select an X.509 certificate with a Subject Alternative Name which it would expect the client to accept. MongoDB uses this information to tweak the topology information advertised in isMaster.

It would be useful for debugging to include a client's SNI extension in the debug logs.



 Comments   
Comment by Githook User [ 30/Jul/20 ]

Author:

{'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}

Message: SERVER-49080 Add SNI extension logging
Branch: master
https://github.com/mongodb/mongo/commit/c9d4e17ff66e66f8680db86d4256c0d1fbbffae5

Generated at Thu Feb 08 05:18:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.