<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:48:13 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-59825] Include the Connection ID in OCSP Error Messages within mongoD logs</title>
                <link>https://jira.mongodb.org/browse/SERVER-59825</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;&lt;b&gt;Problem:&lt;/b&gt;&lt;br/&gt;
With the switch to Structured Logging and the inclusion of OCSP options within the driver and server, when OCSP errors occur, the associate log lines do not include a connection ID, therefore cannot be definitively tracked back to the client/source of the error.&lt;/p&gt;

&lt;p&gt;Example:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;{&quot;t&quot;:{&quot;$date&quot;:&quot;2021-09-03T14:24:44.242+00:00&quot;},&quot;s&quot;:&quot;W&quot;,  &quot;c&quot;:&quot;NETWORK&quot;,  &quot;id&quot;:5512201, &quot;ctx&quot;:&quot;OCSP Fetch and Staple&quot;,&quot;msg&quot;:&quot;Server was unable to staple OCSP Response&quot;,&quot;attr&quot;:{&quot;reason&quot;:{&quot;code&quot;:141,&quot;codeName&quot;:&quot;SSLHandshakeFailed&quot;,&quot;errmsg&quot;:&quot;SSL peer certificate revocation status checking failed: Could not verify X509 certificate store for OCSP Stapling. error:00000000:lib(0):func(0):reason(0)&quot;}}}&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;This makes filtering internal Atlas issues difficult to separate from client-side issues, and has lead to multiple support tickets where customer quote these log lines as reasons for application connection problems.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Proposed Solution:&lt;/b&gt;&lt;br/&gt;
Include the connection ID in the log line so that we can provide a &quot;complete connection lifetime&quot; from the server logs, and filter actual issues from Atlas noise.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1867484">SERVER-59825</key>
            <summary>Include the Connection ID in OCSP Error Messages within mongoD logs</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13204">Community Answered</resolution>
                                        <assignee username="spencer.jackson@mongodb.com">Spencer Jackson</assignee>
                                    <reporter username="aaron.bromberg@mongodb.com">Aaron Bromberg</reporter>
                        <labels>
                    </labels>
                <created>Fri, 3 Sep 2021 21:55:38 +0000</created>
                <updated>Fri, 27 Oct 2023 15:56:27 +0000</updated>
                            <resolved>Fri, 21 Jan 2022 22:49:50 +0000</resolved>
                                                                                        <votes>1</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="4307222" author="spencer.jackson@10gen.com" created="Fri, 21 Jan 2022 22:49:20 +0000"  >&lt;p&gt;As a note, OCSP can happen in several places:&lt;br/&gt;
1) Client side. When a driver that supports OCSP connects to a server, the server provides an X.509 certificate that supports OCSP, but the server did not staple, the client will go and fetch an OCSP response.&lt;br/&gt;
2) OCSP Stapling. A server can pre-emptively fetch OCSP responses, which it will provide to clients during their TLS handshake. This allows clients to avoid performing response acquisition.&lt;br/&gt;
3) Server side, while talking to other servers which don&apos;t support OCSP stapling. A server opening a connection to another server may need to perform the same logic that clients perform.&lt;br/&gt;
We&apos;ll never see the outcome of 1, unless something goes wrong and the client hangs up, but we&apos;ll never learn why. Scenario 2 is totally asynchronous and not tied to particular clients or connections. Scenario 3 happens in egress networking, and is purely server-to-server, so it&apos;s not necessarily associated with an individual end-user connection&lt;/p&gt;</comment>
                            <comment id="4271249" author="aaron.bromberg" created="Thu, 30 Dec 2021 17:29:00 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson&quot;&gt;spencer.jackson&lt;/a&gt;.&#160; Since the OCSP validation is supposed to happen in the background, do you know if we are expecting to show INFO and WARN OCSP log lines in the &lt;tt&gt;mongod&lt;/tt&gt; logs within Atlas when OCSP is enabled in the driver/client?&lt;/p&gt;
</comment>
                            <comment id="4271200" author="spencer.jackson@10gen.com" created="Thu, 30 Dec 2021 16:56:53 +0000"  >&lt;p&gt;Hello &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=aaron.bromberg&quot; class=&quot;user-hover&quot; rel=&quot;aaron.bromberg&quot;&gt;aaron.bromberg&lt;/a&gt;, I do not believe this request is possible, because the &quot;Fetch and Staple&quot; operation is performed independently from any client connection. It is a background operation which pre-emptively requests OCSP responses and readies them to transmission to future clients. The error message that you&apos;re observing could be related to &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-55122&quot; title=&quot;Fix OCSP to allow intermediate certificates in tlsCertificateKeyFile&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-55122&quot;&gt;&lt;del&gt;SERVER-55122&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</comment>
                            <comment id="4262252" author="JIRAUSER1262719" created="Tue, 21 Dec 2021 18:14:48 +0000"  >&lt;p&gt;Moving to &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=backlog-server-security&quot; class=&quot;user-hover&quot; rel=&quot;backlog-server-security&quot;&gt;backlog-server-security&lt;/a&gt;&#160;for triage.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 21 Dec 2021 18:14:48 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 2 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 2 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>aaron.bromberg@mongodb.com</customfieldvalue>
            <customfieldvalue>lauren.lewis@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i00h2n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hzkg4v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="5527">Security 2022-01-24</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i0037z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>