<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 07:57:44 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-9180] Document required CN / subjectAltName configuration for TLS certificates</title>
                <link>https://jira.mongodb.org/browse/DOCS-9180</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;p&gt;We often get questions from users about TLS handshake failures that are caused by misconfigured TLS certificates. The server and client drivers use the hostname verification algorithm described in &lt;a href=&quot;https://tools.ietf.org/html/rfc2818#section-3.1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;RFC2818 Section 3.1&lt;/a&gt;, specifically this text:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;If a subjectAltName extension of type dNSName is present, that MUST&lt;br/&gt;
be used as the identity. Otherwise, the (most specific) Common Name&lt;br/&gt;
field in the Subject field of the certificate MUST be used. Although&lt;br/&gt;
the use of the Common Name is existing practice, it is deprecated and&lt;br/&gt;
Certification Authorities are encouraged to use the dNSName instead.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Users often create TLS certificates that have a SAN dNSName of something like &quot;foo.example.com&quot;, and a CN of something like &quot;foobar.example.com&quot;. They try to connect to foobar.example.com and the TLS handshake fails, because once a SAN dNSName is present the CN is no longer consulted for hostname verification. This leads to a lot of confusion.&lt;/p&gt;

&lt;p&gt;TLS is complicated and difficult to explain. Let&apos;s try to give the users a fighting chance in this case. &lt;/p&gt;</description>
                <environment></environment>
        <key id="325731">DOCS-9180</key>
            <summary>Document required CN / subjectAltName configuration for TLS certificates</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="kay.kim@mongodb.com">Kay Kim</assignee>
                                    <reporter username="bernie@mongodb.com">Bernie Hackett</reporter>
                        <labels>
                    </labels>
                <created>Thu, 20 Oct 2016 20:11:02 +0000</created>
                <updated>Thu, 16 Aug 2018 18:17:29 +0000</updated>
                            <resolved>Sun, 12 Aug 2018 19:46:16 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="1973464" author="xgen-internal-githook" created="Sun, 12 Aug 2018 19:54:25 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;kay-kim&apos;, &apos;email&apos;: &apos;kay.kim@10gen.com&apos;, &apos;name&apos;: &apos;kay&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-9180&quot; title=&quot;Document required CN / subjectAltName configuration for TLS certificates&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-9180&quot;&gt;&lt;del&gt;DOCS-9180&lt;/del&gt;&lt;/a&gt;, &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-9725&quot; title=&quot;SAN / CN usage in `mongo` ssl validation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-9725&quot;&gt;&lt;del&gt;DOCS-9725&lt;/del&gt;&lt;/a&gt;: clarify tls mongo shell server certificate hostname validation&lt;br/&gt;
Branch: v3.4&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/docs/commit/9f78f8736ae229df61f387f739559cf1a1a8ff72&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/docs/commit/9f78f8736ae229df61f387f739559cf1a1a8ff72&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1973461" author="xgen-internal-githook" created="Sun, 12 Aug 2018 19:51:33 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;kay&apos;, &apos;email&apos;: &apos;kay.kim@10gen.com&apos;, &apos;username&apos;: &apos;kay-kim&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-9180&quot; title=&quot;Document required CN / subjectAltName configuration for TLS certificates&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-9180&quot;&gt;&lt;del&gt;DOCS-9180&lt;/del&gt;&lt;/a&gt;, &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-9725&quot; title=&quot;SAN / CN usage in `mongo` ssl validation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-9725&quot;&gt;&lt;del&gt;DOCS-9725&lt;/del&gt;&lt;/a&gt;: clarify tls mongo shell server certificate hostname validation&lt;br/&gt;
Branch: v3.6&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/docs/commit/39f4269df05b341ee42f830f2f7453c5e44e7f60&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/docs/commit/39f4269df05b341ee42f830f2f7453c5e44e7f60&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1973459" author="xgen-internal-githook" created="Sun, 12 Aug 2018 19:45:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;kay&apos;, &apos;email&apos;: &apos;kay.kim@10gen.com&apos;, &apos;username&apos;: &apos;kay-kim&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-9180&quot; title=&quot;Document required CN / subjectAltName configuration for TLS certificates&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-9180&quot;&gt;&lt;del&gt;DOCS-9180&lt;/del&gt;&lt;/a&gt;, &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-9725&quot; title=&quot;SAN / CN usage in `mongo` ssl validation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-9725&quot;&gt;&lt;del&gt;DOCS-9725&lt;/del&gt;&lt;/a&gt;: tls mongo shell server certificate hostname validation + update to configure ssl client page&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/docs/commit/a155e99a105da8414f33281c56202cf878409613&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/docs/commit/a155e99a105da8414f33281c56202cf878409613&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1414183" author="behackett" created="Thu, 20 Oct 2016 21:01:20 +0000"  >&lt;p&gt;This also matches the behavior of the built-in hostname verification in OpenSSL &amp;gt;= 1.0.2 (previous versions didn&apos;t support hostname verification).&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://www.openssl.org/docs/manmaster/crypto/X509_check_host.html&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://www.openssl.org/docs/manmaster/crypto/X509_check_host.html&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;The X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag causes the function to consider the subject DN even if the certificate contains at least one subject alternative name of the right type (DNS name or email address as appropriate); the default is to ignore the subject DN when at least one corresponding subject alternative names is present.&lt;/p&gt;&lt;/blockquote&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="400601">DOCS-10488</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 21 Oct 2016 20:04:20 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        5 years, 26 weeks, 3 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>DOCSP-1769</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>jess.mokrzecki@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 26 weeks, 3 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>bernie@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>kay.kim@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrmebr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsr25r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrj0l3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>