[SERVER-84139] Do not strip spaces (if present) in DN attributes for tlsX509ClusterAuthDNOverride Created: 13/Dec/23  Updated: 21/Dec/23  Resolved: 13/Dec/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Ahmed Sulaiman Assignee: Unassigned
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Steps To Reproduce:

{setParameter 1} {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU=367617758012} 

GerParameter result:

{O=Barclays PLC,OU=367617758012}  

Participants:

 Description   

It seems as if the server removes the spaces between attributes in DNs for the tlsX509ClusterAuthDNOverride setparam:  https://github.com/mongodb/mongo/blob/master/src/mongo/util/net/ssl_manager.cpp#L462

For example:

{setParameter 1} {tlsX509ClusterAuthDNOverride O=Barclays PLC, OU=367617758012}
 
// GerParameter result:
{O=Barclays PLC,OU=367617758012} 

The agent compares the getParam against the setParam to ensure we are in goal state, we have a help ticket (HELP-53222) where the agent was stuck because the strings were different (like the example above) even though the setParam succeeded. We don't do special handling of setParams in the agent, I asked the customer to retry without the spaces and that succeeded.

Filing a ticket as per the slack discussion: https://mongodb.slack.com/archives/CB3CW8M8C/p1702397252837439

I understand this might be difficult since what we are essentially asking for here is to preserve the spacing between the attributes (or the actual setParam that was passed in).



 Comments   
Comment by Ahmed Sulaiman [ 13/Dec/23 ]

Gonna mark this as worked as designed for now. I am going to check with the automation team first to see if there is a way to get this done via the agent first then re-open if needed.

Generated at Thu Feb 08 06:54:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.