Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.5.4
Affects Version/s: 2.5.1
Component/s: Security
Labels:
None

Implement a hostname check of the server on the client side. Check SAN match first and then CN.
Also, check that the server certificate is currently valid (not expired, and not 'not-yet-valid').

These behaviors should be configurable before first-use of the driver, by manipulating the process-global connection ssl configuration state (formerly cmdLine.sslOnNormalPorts).

is related to

SERVER-11107 By default, mongod should not start with an expired or invalid server certificate

Closed

Assignee:: Andreas Nilsson

Reporter:: Andreas Nilsson

Participants:: Andreas Nilsson, Andy Schwerin, auto

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: Jul 25 2013 02:00:10 PM UTC

Updated:: Oct 30 2015 02:41:38 PM UTC

Resolved:: Nov 12 2013 02:28:22 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates