[SERVER-8739] Start mongod with SSL, CAFile and CRLFile - expired CRL file - shouldn't start.
Created: 26/Feb/13  Updated: 01/Apr/13  Resolved: 26/Feb/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Major - P3
Reporter: Gregor Macadam
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Duplicate
duplicates SERVER-8708 mongod shouldn't start with a revoked... Backlog
Operating System: ALL
Participants:

 Description   

ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ ./bin/mongod --dbpath ./data/ --sslOnNormalPorts --sslPEMKeyFile ../sslCA/gregorFreeBSD.pem --sslCAFile ../sslCA/cacert.pem --sslCRLFile ../sslCA/crl/crl_expire.pem --smallfiles
Tue Feb 26 17:22:54.061 [initandlisten] MongoDB starting : pid=20129 port=27017 dbpath=./data/ 64-bit host=ip-10-36-133-56
Tue Feb 26 17:22:54.061 [initandlisten] db version v2.4.0-rc1, pdfile version 4.5
Tue Feb 26 17:22:54.061 [initandlisten] git version: 1ea058cf251bda7624f2afac0b38eebd969c5105 modules: subscription
Tue Feb 26 17:22:54.061 [initandlisten] build info: Linux ip-10-80-175-252 3.2.0-38-virtual #60-Ubuntu SMP Wed Feb 13 13:42:54 UTC 2013 x86_64 BOOST_LIB_VERSION=1_49
Tue Feb 26 17:22:54.061 [initandlisten] allocator: tcmalloc
Tue Feb 26 17:22:54.061 [initandlisten] options: { dbpath: "./data/", smallfiles: true, sslCAFile: "../sslCA/cacert.pem", sslCRLFile: "../sslCA/crl/crl_expire.pem", sslOnNormalPorts: true, sslPEMKeyFile: "../sslCA/gregorFreeBSD.pem" }
Tue Feb 26 17:22:54.070 [initandlisten] journal dir=./data/journal
Tue Feb 26 17:22:54.070 [initandlisten] recover : no journal files present, no recovery needed
Tue Feb 26 17:22:54.270 [initandlisten] ssl imported 1 revoked certificate from the revocation list.
Tue Feb 26 17:22:54.272 [initandlisten] waiting for connections on port 27017 ssl
Tue Feb 26 17:22:54.272 [websvr] ssl imported 1 revoked certificate from the revocation list.
Tue Feb 26 17:22:54.272 [websvr] admin web console waiting for connections on port 28017 ssl

ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ openssl crl -in ../sslCA/crl/crl_expire.pem -noout -text
Certificate Revocation List (CRL):
        Version 2 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=gregor/emailAddress=gregor@10gen.com
        Last Update: Feb 25 16:41:41 2013 GMT
        Next Update: Feb 26 16:41:41 2013 GMT
        CRL extensions:
            X509v3 CRL Number: 
                2
Revoked Certificates:
    Serial Number: 1001
        Revocation Date: Feb 25 15:06:25 2013 GMT
    Signature Algorithm: sha1WithRSAEncryption
         7d:30:33:38:b1:9c:81:31:be:cb:02:2d:9f:63:a0:dd:f2:c6:
         de:e2:99:35:6e:01:72:93:78:94:1b:a8:5e:ca:d9:04:16:3c:
         f0:8d:4f:41:cb:15:8a:2d:1f:c5:69:2e:2c:32:ce:86:3a:25:
         6e:1c:53:d5:95:3e:6e:03:e0:77:92:a7:6f:08:4c:1a:37:40:
         12:81:23:22:d9:e6:aa:ac:c4:89:23:f1:7a:03:a6:6e:b5:cd:
         6e:13:0b:d3:81:d4:cd:f9:7f:dd:fa:76:eb:78:21:30:1f:31:
         33:59:0f:0e:2a:dc:ed:98:13:da:28:50:e2:a7:10:9c:75:be:
         cc:e3
ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ 



 Comments   
Comment by Eric Milkie [ 26/Feb/13 ]

SERVER-8708

Comment by Gregor Macadam [ 26/Feb/13 ]

Failed at 17:20 GMT

Next Update: Feb 26 16:41:41 2013 GMT
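
An added example, not part of the ticket or of MongoDB's code: a pre-start check that reads the `openssl crl -noout -text` output shown in the description and reports whether the CRL is past its Next Update at a given time. The function names and status strings are assumptions made for this example, and the sample input is constructed from the output above with the signature bytes left out.

```python
import re
from datetime import datetime, timezone

# Constructed sample: fields copied from the openssl output in the description,
# signature bytes left out.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Last Update: Feb 25 16:41:41 2013 GMT
        Next Update: Feb 26 16:41:41 2013 GMT
Revoked Certificates:
    Serial Number: 1001
        Revocation Date: Feb 25 15:06:25 2013 GMT
"""


def _field_time(text, label):
    """Return the UTC datetime printed after 'label:', or None if absent or unparseable."""
    m = re.search(rf"^\s*{re.escape(label)}:\s*(.+?)\s*$", text, re.MULTILINE)
    if not m:
        return None
    try:
        parsed = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y GMT")
    except ValueError:
        return None
    return parsed.replace(tzinfo=timezone.utc)


def revoked_serials(text):
    """List the serial numbers in the Revoked Certificates section."""
    return re.findall(r"^\s*Serial Number:\s*([0-9A-Fa-f]+)\s*$", text, re.MULTILINE)


def crl_status(text, now):
    """Classify the CRL's validity window relative to 'now' (timezone-aware UTC)."""
    last_update = _field_time(text, "Last Update")
    next_update = _field_time(text, "Next Update")
    if last_update is None:
        return "unreadable"
    if now < last_update:
        return "not_yet_valid"
    if next_update is None:
        return "no_next_update"
    return "expired" if now > next_update else "current"


def may_start(text, now):
    """Hypothetical startup gate: only a CRL inside its validity window passes."""
    return crl_status(text, now) == "current"
```
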

Generated at Thu Feb 08 03:18:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.