[SERVER-53551] [polish] Make donorStartMigration and recipientSyncData validate donor and recipient certificate-key pair upfront Created: 03/Jan/21  Updated: 24/May/21  Resolved: 24/May/21

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Cheahuychou Mao Assignee: Jason Zhang
Resolution: Won't Do Votes: 0
Labels: pm-1791_non-cloud-blocking, pm-1791_polish, post-rc0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Backport Requested:
v4.9
Sprint: Sharding 2021-04-05, Sharding 2021-04-19, Sharding 2021-05-03, Sharding 2021-05-17, Sharding 2021-05-31
Participants:

 Description   

SERVER-52708 and SERVER-52709 make donorStartMigration and recipientSyncData take in donor and recipient certificate and private key PEM blobs for the migration. But both commands currently only validate the format of input PEM blobs (using the IDL validator) and do not validate upfront that the PEM blobs correspond to a valid X.509 certificate and private key pair. As a result, the commands don't fail with InvalidSSLConfiguration until the donor or the recipient try to create an SSL context to connect to each other, which is after the migration has already started. To avoid wasted work, the certificate-key pair validation should be done upfront.


Generated at Thu Feb 08 05:31:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.