<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:42:36 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-57716] Partial certificate chain in PEM causes validation failure in OCSP</title>
                <link>https://jira.mongodb.org/browse/SERVER-57716</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;&lt;tt&gt;tls&lt;/tt&gt; section may contain &lt;tt&gt;CAFile&lt;/tt&gt; and &lt;tt&gt;certificateKeyFile&lt;/tt&gt; parameters. When &lt;tt&gt;CAFile&lt;/tt&gt; and &lt;tt&gt;certificateKeyFile&lt;/tt&gt; both contain partial certificate chains, the &lt;tt&gt;X509_verify_cert&lt;/tt&gt; call in &lt;tt&gt;OCSPFetcher::fetchAndStaple&lt;/tt&gt; fails with error 20: &quot;unable to get local issuer certificate&quot;&lt;/p&gt;</description>
                <environment></environment>
        <key id="1782868">SERVER-57716</key>
            <summary>Partial certificate chain in PEM causes validation failure in OCSP</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="sergey.galtsev@mongodb.com">Sergey Galtsev</assignee>
                                    <reporter username="sergey.galtsev@mongodb.com">Sergey Galtsev</reporter>
                        <labels>
                    </labels>
                <created>Tue, 15 Jun 2021 18:52:47 +0000</created>
                <updated>Sun, 29 Oct 2023 21:52:10 +0000</updated>
                            <resolved>Fri, 6 Aug 2021 21:24:47 +0000</resolved>
                                    <version>5.1 Required</version>
                                    <fixVersion>5.0.3</fixVersion>
                    <fixVersion>4.4.9</fixVersion>
                    <fixVersion>5.1.0-rc0</fixVersion>
                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="4002742" author="xgen-internal-githook" created="Mon, 16 Aug 2021 21:28:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;sergey.galtsev&apos;, &apos;email&apos;: &apos;sergey.galtsev@mongodb.com&apos;, &apos;username&apos;: &apos;brushless-glitch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-57716&quot; title=&quot;Partial certificate chain in PEM causes validation failure in OCSP&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-57716&quot;&gt;&lt;del&gt;SERVER-57716&lt;/del&gt;&lt;/a&gt;: use common CA file for OCSP where clusterCA is present&lt;br/&gt;
Branch: v4.4&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/085d811dbee92b9b7f71205d3aa1b2ad0bd334c4&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/085d811dbee92b9b7f71205d3aa1b2ad0bd334c4&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4002370" author="xgen-internal-githook" created="Mon, 16 Aug 2021 19:14:05 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;sergey.galtsev&apos;, &apos;email&apos;: &apos;sergey.galtsev@mongodb.com&apos;, &apos;username&apos;: &apos;brushless-glitch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-57716&quot; title=&quot;Partial certificate chain in PEM causes validation failure in OCSP&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-57716&quot;&gt;&lt;del&gt;SERVER-57716&lt;/del&gt;&lt;/a&gt;: use common CA file for OCSP where clusterCA is present&lt;br/&gt;
Branch: v5.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/b559cb1d481b020909461c268d88ab03ee73add6&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/b559cb1d481b020909461c268d88ab03ee73add6&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3986429" author="JIRAUSER1258160" created="Fri, 6 Aug 2021 21:24:47 +0000"  >&lt;p&gt;when clusterCAFile is speficied, it no longer takes over CAFile for the purposes of OCSP&lt;/p&gt;</comment>
                            <comment id="3985832" author="xgen-internal-githook" created="Fri, 6 Aug 2021 17:47:19 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;sergey.galtsev&apos;, &apos;email&apos;: &apos;sergey.galtsev@mongodb.com&apos;, &apos;username&apos;: &apos;brushless-glitch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-57716&quot; title=&quot;Partial certificate chain in PEM causes validation failure in OCSP&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-57716&quot;&gt;&lt;del&gt;SERVER-57716&lt;/del&gt;&lt;/a&gt;: use common CA file for OCSP where clusterCA is present&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/9410ef02091cd02c09871080c18eded7e884364b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/9410ef02091cd02c09871080c18eded7e884364b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3968691" author="JIRAUSER1258160" created="Wed, 28 Jul 2021 17:32:51 +0000"  >&lt;p&gt;&lt;a href=&quot;https://mongodbcr.appspot.com/810540001/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://mongodbcr.appspot.com/810540001/&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3950295" author="JIRAUSER1258160" created="Mon, 19 Jul 2021 18:43:41 +0000"  >&lt;p&gt;&lt;a href=&quot;https://mongodbcr.appspot.com/810540001/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://mongodbcr.appspot.com/810540001/&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3931015" author="JIRAUSER1258160" created="Tue, 13 Jul 2021 16:34:14 +0000"  >&lt;p&gt;Notes from zoom meeting with &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt;:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;focus on fixing only OCSP at this time using minimally invasive change&lt;/li&gt;
	&lt;li&gt;we will need to plan for a long-term redesign of SSL code with regards to clustering, authorization, and separation of X509 usage in context of serverless&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="554673">SERVER-35418</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="21777"><![CDATA[v5.0]]></customfieldvalue>
    <customfieldvalue key="18953"><![CDATA[v4.4]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10011"><![CDATA[Minor Change]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K00000scgezQAA]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 21 Jun 2021 17:11:29 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 25 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 25 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>sergey.galtsev@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzm4yv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hz6o2f:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4972">Security 2021-07-12</customfieldvalue>
    <customfieldvalue id="5133">Security 2021-07-26</customfieldvalue>
    <customfieldvalue id="5134">Security 2021-08-09</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzlr7z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>