- Type: Bug
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: None
- None
Found by chris.cho, who included thorough repro data and code here:
https://gist.github.com/ccho-mongodb/67dc14a2344971619403982def475a8d
Per the auth spec, the username we're deriving from the client certificate should conform to:
openssl x509 -subject -nameopt RFC2253 -noout -inform PEM -in test-client.pem
On the client certificate provided in that gist, that command results in:
CN=Chris,OU=TestClientCertificateOrgUnit,O=EducationClientCertificate,L=TestClientCertificateLocality,ST=TestClientCertificateState,C=US
But the C driver on macOS derives the username as:
C=US,ST=TestClientCertificateState,L=TestClientCertificateLocality,O=EducationClientCertificate,OU=TestClientCertificateOrgUnit,CN=Chris
Which results in an authentication failure. As a workaround, the username can be provided explicitly.
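The two usernames quoted above hold the same RDNs in opposite order. The following C helper is an added example, not code from the C driver or from the gist: it reverses the RDN order of a DN string, splitting only on unescaped commas, and classifies a derived username against the `openssl x509 -nameopt RFC2253` output. The names `dn_reverse_rdns` and `dn_classify` are hypothetical, and the code assumes backslash escaping only (no quoted values).

```c
#include <stdio.h>
#include <string.h>

#define MAX_RDNS 32
/* Reverse the RDN order of a DN string, splitting only on unescaped commas
 * (a backslash escapes the next character). Assumes no quoted "..." values.
 * Returns 0 on success, -1 on malformed input or a too-small buffer. */
int dn_reverse_rdns(const char *in, char *out, size_t outlen)
{
    size_t start[MAX_RDNS], stop[MAX_RDNS], n = 0, i, used = 0, len = strlen(in);
    if (len == 0 || outlen < len + 1) return -1; /* output length == input length */
    start[0] = 0;
    for (i = 0; i < len; i++) {
        if (in[i] == '\\') {
            if (i + 1 >= len) return -1;         /* dangling escape */
            i++;                                 /* skip the escaped character */
        } else if (in[i] == ',') {
            stop[n++] = i;
            if (n >= MAX_RDNS) return -1;
            start[n] = i + 1;
        }
    }
    stop[n++] = len;
    while (n-- > 0) {                            /* emit the last RDN first */
        size_t l = stop[n] - start[n];
        if (l == 0) return -1;                   /* empty RDN, e.g. "a,,b" */
        memcpy(out + used, in + start[n], l);
        used += l;
        if (n > 0) out[used++] = ',';
    }
    out[used] = '\0';
    return 0;
}

/* 0: derived equals expected; 1: same RDNs in reverse order; -1: unrelated. */
int dn_classify(const char *derived, const char *expected)
{
    char rev[512];
    if (strcmp(derived, expected) == 0) return 0;
    if (dn_reverse_rdns(derived, rev, sizeof rev) != 0) return -1;
    return strcmp(rev, expected) == 0 ? 1 : -1;
}

int main(void)
{
    const char *mac = "C=US,ST=TestClientCertificateState,L=TestClientCertificateLocality,O=EducationClientCertificate,OU=TestClientCertificateOrgUnit,CN=Chris";
    const char *ssl = "CN=Chris,OU=TestClientCertificateOrgUnit,O=EducationClientCertificate,L=TestClientCertificateLocality,ST=TestClientCertificateState,C=US";
    printf("classification: %d\n", dn_classify(mac, ssl)); /* strings are the ones quoted in this ticket */
    return 0;
}
```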
is related to:
- CDRIVER-1385 Secure Transport subject reversed (Closed)
- CDRIVER-2940 Regenerate test certificates with SHA256 signatures (Closed)