Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-45802

Limit frequency of X.509 client certificate expiry warnings

    • Type: Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security, Usability
    • None
    • Security 2020-02-10

      During connection establishment, if a client certificate is presented whose expiration is within tlsX509ExpirationWarningThresholdDays, a warning is emitted. This can result in many warnings.

      To limit these warnings, we should record observed certificates along with a timestamp of when they were last warned about. This information should be stored in an LRU cache to bound it.

      We should warn if the presented certificate is expiring soon, and is either not contained in the cache, or the time it was last warned about is sufficiently far in the past.

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: