<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:19:22 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-28901] Undocumented problem with MONGODB-X509 authentication</title>
                <link>https://jira.mongodb.org/browse/SERVER-28901</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;I&apos;m the developer of the MongoKitten MongoDB driver for Swift. I&apos;m creating a connection to MongoDB using the certificate provided by IBM BlueMix. I set up the certificate and connected successfully over SSL to the MongoDB 3.2.10 instance and attempted authenticating using the &quot;MONGODB-X509&quot; mechanism. The authentication gets rejected with the following message: &quot;SSL support is required for the MONGODB-X509 mechanism.&quot;.&lt;/p&gt;

&lt;p&gt;I&apos;ve been trying to find out what this means, because I am in fact connected over SSL to the server, so I&apos;m thinking that the error message isn&apos;t describing the problem correctly. I&apos;ve had to dive into the MongoDB server codebase to figure out what this means, and it seems that it&apos;s unable to get the SSLManager object. I haven&apos;t got a clue why and how I can improve my driver to successfully connect because I&apos;m not familiar enough with the codebase to search for a solution and am hoping someone can enlighten me better and more efficiently than I can.&lt;/p&gt;</description>
                <environment>Connecting with IBM BlueMix, MongoDB 3.2.10, using the MongoKitten driver.</environment>
        <key id="376204">SERVER-28901</key>
            <summary>Undocumented problem with MONGODB-X509 authentication</summary>
                <type id="6" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14720&amp;avatarType=issuetype">Question</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13203">Gone away</resolution>
                                        <assignee username="spencer.jackson@mongodb.com">Spencer Jackson</assignee>
                                    <reporter username="Joannis">Joannis Orlandos [X]</reporter>
                        <labels>
                            <label>authentication</label>
                            <label>driver</label>
                            <label>questions</label>
                            <label>x509</label>
                    </labels>
                <created>Fri, 21 Apr 2017 14:26:01 +0000</created>
                <updated>Fri, 27 Oct 2023 20:44:07 +0000</updated>
                            <resolved>Mon, 31 Jul 2017 19:16:55 +0000</resolved>
                                                                    <component>Networking</component>
                                        <votes>0</votes>
                                    <watches>10</watches>
                                                                                                                <comments>
                            <comment id="1636717" author="spencer.jackson@10gen.com" created="Mon, 31 Jul 2017 19:16:55 +0000"  >&lt;p&gt;Hi, I&apos;m going to need to close out this ticket due to inactivity. Please feel free to reopen when you get more information!&lt;/p&gt;</comment>
                            <comment id="1587636" author="spencer.jackson@10gen.com" created="Mon, 5 Jun 2017 17:51:27 +0000"  >&lt;p&gt;I just had a thought about this. Would it be possible for you to spin up a mongod locally and try your driver against it? Using MONGODB-X509 authentication with it should be reasonably straightforward. We have some test certificates in the source repository which we use for integration tests, which I&apos;ll attach.&lt;/p&gt;

&lt;p&gt;The mongod will need the following startup flags:&lt;/p&gt;
&lt;pre&gt;./mongod --sslMode requireSSL --sslPEMKeyFile server.pem --sslCAFile ca.pem --setParameter authenticationMechanisms=MONGODB-X509&lt;/pre&gt;

&lt;p&gt;You can create the user you&apos;ll be authenticating as by running, with the shell:&lt;/p&gt;
&lt;pre&gt;use $external
db.createUser({user: &quot;C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client&quot;, roles: [{role: &quot;readWrite&quot;, db: &quot;admin&quot;}]})&lt;/pre&gt;</comment>
                            <comment id="1573020" author="joannis" created="Wed, 17 May 2017 07:02:59 +0000"  >&lt;p&gt;I&apos;m very certain that the TLS is working correctly and the bug is in my client, MongoKitten. I&apos;ve managed to set up a connection to MongoDB servers including this one using TLS on requireSSL, including using a custom CA. The problem is not the TLS connection but the X509 authentication mechanism. When I try to connect my driver to the MongoDB instance over TLS, all is fine, with the custom certificate, until I trigger the X509 authentication mechanism. At this point I&apos;m certain the driver is the issue, but the returned error seems out of place.&lt;/p&gt;

&lt;p&gt;I can track the issue to &lt;a href=&quot;https://github.com/mongodb/mongo/blob/master/src/mongo/db/commands/authentication_commands.cpp#L314&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;here&lt;/a&gt;, which suggests there is no SSL connection, which I know there is. So I&apos;m missing a step in my driver but am unsure what. The MongoDB CLI client does work as expected with the same server(s).&lt;/p&gt;

&lt;p&gt;I&apos;m currently unable to access the server, so I cannot test your command on the server that I did have X509 authentication set up on. I&apos;ll try to set up a second server with X509 in the coming days.&lt;/p&gt;</comment>
                            <comment id="1572305" author="spencer.jackson@10gen.com" created="Tue, 16 May 2017 15:08:49 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=Joannis&quot; class=&quot;user-hover&quot; rel=&quot;Joannis&quot;&gt;Joannis&lt;/a&gt;, just following up. Are you still encountering this issue?&lt;/p&gt;</comment>
                            <comment id="1560168" author="spencer.jackson@10gen.com" created="Fri, 28 Apr 2017 13:51:51 +0000"  >&lt;p&gt;I think I need more than client-side logs. The error you&apos;re getting should occur when the server hasn&apos;t been configured with TLS. I want to obtain a copy of your server&apos;s configuration, to ensure that it isn&apos;t behind some form of TLS terminating proxy.&lt;/p&gt;

&lt;p&gt;Can you run the following command in the mongo shell, and paste the output on this ticket?&lt;/p&gt;
&lt;pre&gt;db.getSiblingDB(&quot;admin&quot;).runCommand({getCmdLineOpts: 1})&lt;/pre&gt;

&lt;p&gt;Thanks!&lt;/p&gt;</comment>
                            <comment id="1560102" author="joannis" created="Fri, 28 Apr 2017 11:51:01 +0000"  >&lt;p&gt;I don&apos;t have direct control over this instance. It&apos;s hosted by a third party and made available to me for driver development. Would the client-side logs suffice? I can log all incoming and outgoing Query and Reply messages formatted as ExtendedJSON if that helps.&lt;/p&gt;

&lt;p&gt;I don&apos;t think there is a problem with the MongoDB server but I can&apos;t find any information regarding the error. I&apos;m connecting over SSL to a MongoDB instance and the authentication fails with the message &quot;SSL support is required for the MONGODB-X509 mechanism.&quot; code 17 (protocol error). I think the error message is incorrect, but I&apos;m not sure what this error means and why it occurs.&lt;/p&gt;</comment>
                            <comment id="1556195" author="spencer.jackson@10gen.com" created="Mon, 24 Apr 2017 15:04:01 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=Joannis&quot; class=&quot;user-hover&quot; rel=&quot;Joannis&quot;&gt;Joannis&lt;/a&gt;, the error message you&apos;re seeing is unusual.&lt;/p&gt;

&lt;p&gt;Can you provide me with the server&apos;s configuration file and/or startup arguments? Can you also provide me with a log file from the server, showing the server starting up, and then trying to handle a MONGODB-X509 authentication attempt initiated by the driver?&lt;/p&gt;

&lt;p&gt;Thanks!&lt;br/&gt;
Spencer&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="157769" name="ca.pem" size="2977" author="spencer.jackson@mongodb.com" created="Mon, 5 Jun 2017 17:51:47 +0000"/>
                            <attachment id="157767" name="client.pem" size="2953" author="spencer.jackson@mongodb.com" created="Mon, 5 Jun 2017 17:51:57 +0000"/>
                            <attachment id="157768" name="server.pem" size="2997" author="spencer.jackson@mongodb.com" created="Mon, 5 Jun 2017 17:51:53 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 24 Apr 2017 14:17:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        6 years, 28 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            6 years, 28 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>Joannis</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|ht66an:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsyg0f:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrl9en:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>