Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-39107

Certificate validation fails with Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.1.8
    • Affects Version/s: 4.1.7
    • Component/s: Security
    • None
    • Fully Compatible
    • ALL
    • Security 2019-02-11

      MongoDB version:

      mongodb-macos-x86_64-enterprise-4.1.7-40-gbfb0aec/bin/mongod --version
db version v4.1.7-40-gbfb0aec
git version: bfb0aec447f39633694dcc4418f2a5a5a167937e
allocator: system
modules: enterprise
build environment:
    distarch: x86_64
    target_arch: x86_64

      Start mongod with the attached certificates ( server.pem, ca.pem):

      $ mongodb-macos-x86_64-enterprise-4.1.7-40-gbfb0aec/bin/mongod -v --sslOnNormalPorts --sslWeakCertificateValidation --sslCAFile=ca.pem --sslPEMKeyFile=server.pem --dbpath tmp-data

      Attempt to connect with the mongo shell (or any driver) with client.pem:

      $ mongo --ssl --sslAllowInvalidCertificates --sslPEMKeyFile=client.pem
MongoDB shell version v4.0.1
connecting to: mongodb://127.0.0.1:27017
2019-01-18T16:25:57.426-0800 W NETWORK  [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_NOT_TRUSTED
2019-01-18T16:25:57.426-0800 E QUERY    [js] Error: network error while attempting to run command 'isMaster' on host '127.0.0.1:27017'  :
connect@src/mongo/shell/mongo.js:257:13
@(connect):1:6
exception: connect failed

      The server logs the following error: 

      2019-01-18T16:25:57.387-0800 I NETWORK  [listener] connection accepted from 127.0.0.1:55477 #2 (1 connection now open)
2019-01-18T16:25:57.420-0800 D -        [conn2] User Assertion: UnsupportedFormat: Invalid IP address in CIDR string src/mongo/util/net/cidr.cpp 117
2019-01-18T16:25:57.423-0800 D -        [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/util/icu.cpp 85
2019-01-18T16:25:57.423-0800 D -        [conn2] User Assertion: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING src/mongo/transport/session_asio.h 633
2019-01-18T16:25:57.423-0800 I NETWORK  [conn2] Error receiving request from client: Location50687: Error preflighting UTF-8 conversion: U_STRING_NOT_TERMINATED_WARNING. Ending connection from 127.0.0.1:55477 (connection id: 2)
2019-01-18T16:25:57.423-0800 I NETWORK  [conn2] end connection 127.0.0.1:55477 (0 connections now open)

      These certificates work without a problem on MongoDB 2.6-4.0 so I think there has been a regression somewhere. Also worth noting is that this failure happens on all platforms, not just macOS. This issue is currently blocking drivers from testing against the latest version of the server.

        1. ca.pem
          1 kB
        2. client.pem
          3 kB
        3. server.pem
          3 kB

            Assignee:
            jonathan.reams@mongodb.com Jonathan Reams
            Reporter:
            shane.harvey@mongodb.com Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: