<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:24:34 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2038] Test tlsCertificateKeyFile .pem file with certificate chain</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2038</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;Test that setting a &lt;tt&gt;tlsCertificateKeyFile&lt;/tt&gt;&#160;to a .pem file with a certificate chain succeeds.&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;Scope&quot;&gt;&lt;/a&gt;&lt;b&gt;Scope&lt;/b&gt;&lt;/h3&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Add a .pem file with a private key, certificate, and one intermediate certificate to &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/tree/master/.evergreen/x509gen&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;drivers-evergreen-tools/.evergreen/x509gen&lt;/a&gt;.&lt;/li&gt;
	&lt;li&gt;Test specifying the certificate as &lt;tt&gt;tlsCertificateKeyFile&lt;/tt&gt; in the URI.&lt;/li&gt;
&lt;/ul&gt;


&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2263&quot; title=&quot;Not loading all certs in a PEM file&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2263&quot;&gt;&lt;del&gt;GODRIVER-2263&lt;/del&gt;&lt;/a&gt; identified a Go driver bug parsing a &lt;tt&gt;tlsCertificateKeyFile&lt;/tt&gt; with a certificate chain.&lt;/p&gt;

&lt;p&gt;This .pem file includes the following:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Private Key&lt;/li&gt;
	&lt;li&gt;Certificate 1 for Private Key&lt;/li&gt;
	&lt;li&gt;Certificate 2 for Issuer of Certificate 1.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;The Go driver was incorrectly attempting to associate Private Key with Certificate 2.&lt;/p&gt;

&lt;p&gt;The expected order of certificates in a .pem file is described in: &lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.2&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;RFC 5246 7.4.2&lt;/a&gt;:&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;certificate_list&lt;br/&gt;
 This is a sequence (chain) of certificates. The sender&apos;s&lt;br/&gt;
 certificate MUST come first in the list. Each following&lt;br/&gt;
 certificate MUST directly certify the one preceding it.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;The motivation of this ticket is the possibility of other drivers having a similar bug. There is no certificate in &lt;a href=&quot;https://github.com/mongodb-labs/drivers-evergreen-tools/tree/master/.evergreen/x509gen&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;drivers-evergreen-tools/.evergreen/x509gen&lt;/a&gt; to test.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/834/files#diff-b5550a45b27606f58209f7edce86b5a6ccf9ccc52285d88b94fdd574eea435ae&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;This .pem file&lt;/a&gt; was created for the Go driver by concatenating test files from:&lt;br/&gt;
 &lt;a href=&quot;https://x509gen.corp.mongodb.com/#/cert/5ce5b21a42a0ef0008b11399&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://x509gen.corp.mongodb.com/#/cert/5ce5b21a42a0ef0008b11399&lt;/a&gt;&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Drivers-Testing-Client-Second-Level.key&lt;/li&gt;
	&lt;li&gt;Drivers-Testing-Client-Second-Level.pem&lt;/li&gt;
	&lt;li&gt;Drivers-Testing-Client-Intermediate.pem&lt;/li&gt;
&lt;/ul&gt;


&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;

&lt;p&gt;Users enabling TLS and including intermediate certificates in the certificate chain.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;

&lt;p&gt;Users may be confused or annoyed. If a driver has a bug similar to &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2263&quot; title=&quot;Not loading all certs in a PEM file&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2263&quot;&gt;&lt;del&gt;GODRIVER-2263&lt;/del&gt;&lt;/a&gt;, users may need to reorder sections in their client certificates.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;

&lt;p&gt;Yes.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="1968806">DRIVERS-2038</key>
            <summary>Test tlsCertificateKeyFile .pem file with certificate chain</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="10038" iconUrl="https://jira.mongodb.org/images/icons/subtask.gif" description="">Backlog</status>
                    <statusCategory id="2" key="new" colorName="default"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Fri, 21 Jan 2022 22:37:43 +0000</created>
                <updated>Fri, 21 Apr 2023 19:33:06 +0000</updated>
                                                                <component>URI Options</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="4328603" author="james.kovacs" created="Tue, 1 Feb 2022 19:47:32 +0000"  >&lt;p&gt;Testing PEM files with cert chains is definitely worthwhile. I would suggest creating a PR with the concatenated PEM file to &lt;tt&gt;drivers-evergreen-tools&lt;/tt&gt;. We need a new test in &lt;tt&gt;tls-option.&amp;#91;yml|json&amp;#93;&lt;/tt&gt; that uses this new PEM file along with some verbiage about validating the cert chain.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1958835">GODRIVER-2263</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i00spr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>