<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:41:02 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CSHARP-1911] Certificate use clarification</title>
                <link>https://jira.mongodb.org/browse/CSHARP-1911</link>
                <project id="10041" key="CSHARP">C# Driver</project>
                    <description>&lt;p&gt;Hi,&lt;/p&gt;

&lt;p&gt;I think I have identified a bug in the use of X509Certificate2 certificates in the C# driver (not a security flaw but it does break the driver when using pfx certificates), specifically in the way certificates are cloned in memory. Before I submit a bug report and fix via a PR, I just wanted to make sure I understand the code.&lt;/p&gt;

&lt;p&gt;Specifically, in the documentation there is the following: &lt;a href=&quot;http://mongodb.github.io/mongo-csharp-driver/2.2/reference/driver/ssl/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://mongodb.github.io/mongo-csharp-driver/2.2/reference/driver/ssl/&lt;/a&gt;&lt;br/&gt;
IMPORTANT&lt;br/&gt;
It is imperative that when loading a certificate with a password, the PrivateKey property not be null. If the property is null, it means that your certificate does not contain the private key and will not be passed to the server.&lt;/p&gt;

&lt;p&gt;Can you please clarify this for me? I am confused as to why the above only seems to apply when you are using a password on the certificate - is it not possible to create a certificate with public key and private key but without a password, and if so in this case is the private key not required in the client?&lt;/p&gt;

&lt;p&gt;Thanks,&lt;br/&gt;
Alex&lt;/p&gt;</description>
                <environment></environment>
        <key id="352898">CSHARP-1911</key>
            <summary>Certificate use clarification</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="robert@mongodb.com">Robert Stam</assignee>
                                    <reporter username="adawes">Alex Dawes</reporter>
                        <labels>
                            <label>question</label>
                    </labels>
                <created>Thu, 9 Feb 2017 13:51:04 +0000</created>
                <updated>Fri, 5 Apr 2019 13:58:06 +0000</updated>
                            <resolved>Thu, 2 Mar 2017 14:55:35 +0000</resolved>
                                    <version>2.3.0-beta1</version>
                    <version>2.3</version>
                    <version>2.4</version>
                    <version>2.4.1</version>
                    <version>2.4.2</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="1496677" author="adawes" created="Fri, 10 Feb 2017 09:10:31 +0000"  >&lt;p&gt;Bug ticket created at &lt;a href=&quot;https://jira.mongodb.org/browse/CSHARP-1914&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/CSHARP-1914&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1496115" author="adawes" created="Thu, 9 Feb 2017 17:25:13 +0000"  >&lt;p&gt;We use certificates with passwords, and having upgraded from 2.2.3 to 2.4.1 a few days ago we immediately saw connection problems on mongo clusters with auth handled by certificates. On the client side we saw timeout messages when trying to connect and the mongo logs were suggesting that the SSL certificates were missing. &lt;/p&gt;

&lt;p&gt;Apologies for the vagueness of this - I&apos;m on my mobile at the moment, and will post the actual error messages when I get back to my computer.&lt;/p&gt;

&lt;p&gt;My debugging fits well with what you wrote above - I believe the private keys are being dropped from the certs as they are being added to the SslSettings object due to a bug in the CloneCertificate method. Again I will post a more thorough bug report and PR for a fix when I am back at my computer.&lt;/p&gt;

&lt;p&gt;Alex&lt;/p&gt;</comment>
                            <comment id="1495997" author="craiggwilson" created="Thu, 9 Feb 2017 16:03:09 +0000"  >&lt;p&gt;All the comment is noting is that if you load up a certificate and there isn&apos;t a private key, then it won&apos;t send the certificate. If there isn&apos;t a password, this shouldn&apos;t be a problem and the private key will simply get loaded as part of the construction of an X509Certificate2. However, if the certificate is password protected, then it will silently not load the private key. Hence the warning.&lt;/p&gt;

&lt;p&gt;Perhaps you could indicate what issue you are having in practice.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsuttr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                </customfields>
    </item>
</channel>
</rss>