<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:22:52 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-10330] Perform SSL server certificate validation in the C++ driver</title>
                <link>https://jira.mongodb.org/browse/SERVER-10330</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Implement a hostname check of the server on the client side. Check SAN match first and then CN.&lt;br/&gt;
Also, check that the server certificate is currently valid (not expired, and not &apos;not-yet-valid&apos;).&lt;/p&gt;

&lt;p&gt;These behaviors should be configurable before first-use of the driver, by manipulating the process-global connection ssl configuration state (formerly cmdLine.sslOnNormalPorts).&lt;/p&gt;</description>
                <environment></environment>
        <key id="83483">SERVER-10330</key>
            <summary>Perform SSL server certificate validation in the C++ driver</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="andreas.nilsson">Andreas Nilsson</assignee>
                                    <reporter username="andreas.nilsson">Andreas Nilsson</reporter>
                        <labels>
                    </labels>
                <created>Thu, 25 Jul 2013 14:00:10 +0000</created>
                <updated>Fri, 30 Oct 2015 14:41:38 +0000</updated>
                            <resolved>Tue, 12 Nov 2013 14:28:22 +0000</resolved>
                                    <version>2.5.1</version>
                                    <fixVersion>2.5.4</fixVersion>
                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="455186" author="auto" created="Tue, 12 Nov 2013 21:17:49 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-10330&quot; title=&quot;Perform SSL server certificate validation in the C++ driver&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-10330&quot;&gt;&lt;del&gt;SERVER-10330&lt;/del&gt;&lt;/a&gt; Fixed build failure on enterprise builds&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/0be500e771b210650741d5b5783896d4dff2679a&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/0be500e771b210650741d5b5783896d4dff2679a&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="455065" author="auto" created="Tue, 12 Nov 2013 18:42:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;andy10gen&apos;, u&apos;name&apos;: u&apos;Andy Schwerin&apos;, u&apos;email&apos;: u&apos;schwerin@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-10330&quot; title=&quot;Perform SSL server certificate validation in the C++ driver&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-10330&quot;&gt;&lt;del&gt;SERVER-10330&lt;/del&gt;&lt;/a&gt; Fix compile.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/530c21a9f87b971aa149e80af778fa48473b7e75&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/530c21a9f87b971aa149e80af778fa48473b7e75&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="454918" author="andreas.nilsson@10gen.com" created="Tue, 12 Nov 2013 14:28:22 +0000"  >&lt;p&gt;From 2.5.4 we will be performing hostname validation of the server certificates in the C++ driver. That is if the name listed in the CN or SAN fields of the certificate does not match the actual host name the connection will be terminated. We should probably document this for setting up SSL-enabled clusters.&lt;/p&gt;

&lt;p&gt;This applies to both the shell/C++ driver and for server-server connections within a cluster.&lt;/p&gt;

&lt;p&gt;For both the server and client there is a new cmd line param to override this behavior called --sslAllowInvalidCertificates. This new flag will not only override hostname validation checks but also invalid certificates in general.&lt;/p&gt;</comment>
                            <comment id="454908" author="auto" created="Tue, 12 Nov 2013 14:06:40 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-10330&quot; title=&quot;Perform SSL server certificate validation in the C++ driver&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-10330&quot;&gt;&lt;del&gt;SERVER-10330&lt;/del&gt;&lt;/a&gt; &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-11195&quot; title=&quot;Mongo Shell Should Not Connect to Servers w/ Invalid or Expired SSL Certificates&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-11195&quot;&gt;&lt;del&gt;SERVER-11195&lt;/del&gt;&lt;/a&gt; SSL server hostname validation&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/b5d36ec05cd4f22e02a8b4143954980946710648&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/b5d36ec05cd4f22e02a8b4143954980946710648&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="441087" author="schwerin" created="Tue, 15 Oct 2013 19:05:58 +0000"  >&lt;p&gt;No, I would add a separate configuration variable, the &quot;server certificate validation mode&quot;, maybe?&lt;/p&gt;</comment>
                            <comment id="441064" author="andreas.nilsson@10gen.com" created="Tue, 15 Oct 2013 18:46:59 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=schwerin&quot; class=&quot;user-hover&quot; rel=&quot;schwerin&quot;&gt;schwerin&lt;/a&gt; Are you suggesting we expand the context of sslMode to include validation or not? If so how do we support &quot;multidimensional&quot; configurations? That is how to concurrently represent:&lt;/p&gt;

&lt;p&gt;communication mode: noSSL/acceptSSL/sendAcceptSSL/sslOnly&lt;br/&gt;
validation mode: on/off&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="93533">SERVER-11107</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 17 Sep 2013 18:01:07 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 14 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>andreas.nilsson</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 14 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andreas.nilsson</customfieldvalue>
            <customfieldvalue>schwerin@mongodb.com</customfieldvalue>
            <customfieldvalue>auto</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrmlof:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrrudb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>76311</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrkxlb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>