[SERVER-52945] [auth] Make mongod use x509 auth on egress connections if NetworkInterface has SSLConnectionContext override even if other egress connections use keyFile auth Created: 19/Nov/20  Updated: 29/Oct/23  Resolved: 11/Dec/20

Status: Closed
Project: Core Server
Component/s: Replication
Affects Version/s: None
Fix Version/s: 4.9.0

Type: Task Priority: Major - P3
Reporter: Esha Maharishi (Inactive) Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: pm-1791_milestone-P
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Security 2020-11-30, Security 2020-12-14
Participants:

 Description   

In serverless, the replica sets will use keyFile auth on outgoing connections to each other, but will use x509 auth to authenticate external clients.

When a donor and recipient replica set talk to each other, they will authenticate to each other as external clients, so need to use x509 auth on their outgoing connections to each other even though they will continue to use keyFile auth on their outgoing connections to their own replica set members.

Mongod does not currently support using a mix of keyFile and x509 auth on outgoing connections; this ticket is to add this support.



 Comments   
Comment by Githook User [ 11/Dec/20 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-52945 Make mongod use x509 auth on egress connections if NetworkInterface has SSLConnectionContext override even if other egress connections use keyFile auth
Branch: master
https://github.com/mongodb/mongo/commit/19ed9c958b369bd7e1776a57bd406ebe84cf2bec

Generated at Thu Feb 08 05:29:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.