[SERVER-51599] Allow creating an SSLConnectionContext from in-memory certificates Created: 14/Oct/20  Updated: 29/Oct/23  Resolved: 15/Nov/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.9.0-alpha0

Type: Task Priority: Major - P3
Reporter: Andrew Shuvalov (Inactive) Assignee: Andrew Shuvalov (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-51811 Make the TransportLayerASIO to accept... Closed
Problem/Incident
Related
related to SERVER-52870 Investigate SSL breakages reproduced ... Closed
is related to SERVER-52858 Server-side MacOS and Windows SSL con... Closed
is related to SERVER-51600 Make donorStartMigration and recipien... Closed
Backwards Compatibility: Fully Compatible
Sprint: Sharding 2020-10-19, Sharding 2020-11-02, Sharding 2020-11-16, Sharding 2020-11-30
Participants:
Linked BF Score: 32

 Description   

This is part of the effort to "Support Multiple Cluster Certificates for Tenant Migrations".

In the existing code (see SSLManagerOpenSSL::_setupPEM()) the certificate has to be read from PEM file. In the tenant migration project we need to support temporary certificates sent to us as part of the start migration command. The cert will be sent as a payload to this command.



 Comments   
Comment by Githook User [ 25/Nov/20 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-51599: no SSL build fix in transport layer mock
Branch: master
https://github.com/mongodb/mongo/commit/233c2a563ffa208d191f75e40fd4393ae26da058

Comment by Githook User [ 15/Nov/20 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-51599: BFG-723730 fix Windows build of ssl_manager_test.cpp and filed SERVER-52858
Branch: master
https://github.com/mongodb/mongo/commit/67197d16f71ca846adc4ad9b7d19cfd1d56b95e7

Comment by Githook User [ 15/Nov/20 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-51599: BFG-723730 fix Windows build of ssl_manager_test.cpp as sslv23 is undefined
Branch: master
https://github.com/mongodb/mongo/commit/a913507dc28c01db00d72b092881a7c7bdcf3dd7

Comment by Githook User [ 15/Nov/20 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-51599: Allow creating an SSLConnectionContext from in-memory certificates
Branch: master
https://github.com/mongodb/mongo/commit/fe88fed31376d6e2dc95af46342fb3c87c164ab1

Comment by Githook User [ 13/Nov/20 ]

Author:

{'name': 'sviatlana_zuiko', 'email': 'sviatlana.zuiko@mongodb.com'}

Message: Revert "SERVER-51599: Allow creating an SSLConnectionContext from in-memory certificates"

This reverts commit 8b195f11cbb144685baa20486b497528c8dde667.
Branch: master
https://github.com/mongodb/mongo/commit/796ee2ee8b8a7bb146bfa7a45eafb4b075a55372

Comment by Githook User [ 13/Nov/20 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-51599: Allow creating an SSLConnectionContext from in-memory certificates
Branch: master
https://github.com/mongodb/mongo/commit/8b195f11cbb144685baa20486b497528c8dde667

Comment by Andrew Shuvalov (Inactive) [ 04/Nov/20 ]

I have good progress in the next https://jira.mongodb.org/browse/SERVER-51811 ticket, but the next CR is still blocked on this one to be submitted.

Generated at Thu Feb 08 05:25:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.