[SERVER-72846] Fix misleading startup warning about client certificate validation Created: 13/Jan/23  Updated: 29/Oct/23  Resolved: 17/Feb/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Bug Priority: Major - P3
Reporter: Erwin Pe Assignee: Adrian Gonzalez Montemayor
Resolution: Fixed Votes: 0
Labels: auto-reverted, neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
Related
related to SERVER-72234 System-wide CA certificate store not ... Closed
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Sprint: Security 2023-01-23, Security 2023-02-06, Security 2023-02-20
Participants:
Linked BF Score: 157

 Description   

This warning at startup:

{
    "t": {"$date": "2022-12-19T08:37:18.220+01:00"},
    "s": "W",
    "c": "CONTROL",
    "id": 22133,
    "ctx": "initandlisten",
    "msg": "No client certificate validation can be performed since no CA file has been provided. Please specify an sslCAFile parameter"
}

is logged when the CAFile is unspecified. However, if clusterCAFile is specified (instead of CAFile), this warning is still logged even though client certificate validation can be performed using the clusterCAFile. We should fix it so that this warning only shows up if CAFile and clusterCAFile are not provided.



 Comments   
Comment by Githook User [ 16/Feb/23 ]

Author:

{'name': 'Adrian Gonzalez', 'email': 'adriangonzalezmontemayor@gmail.com', 'username': 'adriangzz'}

Message: SERVER-72846 Fix misleading startup warning about client certificate validation
Branch: master
https://github.com/mongodb/mongo/commit/03bb1f090d8ffba44a6b8a148498630bd05a0ea3

Comment by xgen-buildbaron-user [ 16/Feb/23 ]

Ticket re-opened due to revert. ssl began a consistent failure of jstests\ssl\tls_startup_warning.js

Comment by Githook User [ 16/Feb/23 ]

Author:

{'name': 'auto-revert-processor', 'email': 'dev-prod-dag@mongodb.com', 'username': ''}

Message: Revert "SERVER-72846 Fix misleading startup warning about client certificate validation"

This reverts commit d4a12374e4ae013b12476418d796c4112b5bcd0d.
Branch: master
https://github.com/mongodb/mongo/commit/050846ffd5f858b7a5cf07acbc8bca686eed7961

Comment by Githook User [ 15/Feb/23 ]

Author:

{'name': 'Adrian Gonzalez', 'email': 'adriangonzalezmontemayor@gmail.com', 'username': 'adriangzz'}

Message: SERVER-72846 Fix misleading startup warning about client certificate validation
Branch: master
https://github.com/mongodb/mongo/commit/d4a12374e4ae013b12476418d796c4112b5bcd0d

Generated at Thu Feb 08 06:22:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.