Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32551

Cluster with x.509 membership authentication serves client connection with cluster client certificate

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.3, 3.7.1
    • Affects Version/s: 3.6.0, 3.6.1
    • Component/s: Networking, Security
    • None
    • Fully Compatible
    • ALL
    • v3.6
    • Hide
      • deploy a replica set with x.509 membership authentication and distinct pem files for clusterFile and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options
      • connect with mongo using --ssl option
      Show
      deploy a replica set with x.509 membership authentication and distinct pem files for clusterFile and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options connect with mongo using --ssl option
    • Platforms 2018-01-15

      In a 3.6.0 and 3.6.1 replica set cluster with x.509 membership authentication with distinct pem files for clusterFile (with "TLS Web Client Authentication" X509v3 Extended Key Usage) and PEMKeyFile (with "TLS Web Server Authentication" X509v3 Extended Key Usage) mongod options the client ssl connection requests are served by client certificate (with obvious [CONNECT_ERROR] for SSL peer certificate validation failed: unsupported certificate purpose).

      It affects 3.4 --> 3.6 upgrade cluster and also a fresh 3.6 installation.

            Assignee:
            spencer.jackson@mongodb.com Spencer Jackson
            Reporter:
            s.maratea Simone Maratea
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: