Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-54328

Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.0.0
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • Sharding 2021-02-22
    • 36

      At this point we have a bug when all existing instances of the SSLConnectionContext share the same SSLManagerInterface instance in `manager` field. This is not correct, because each instance of SSLManagerInterface (SSLManagerOpenSSL) owns its own copy of SSLConfiguration as `_sslConfiguration`.

      SSLConfiguration must not be shared between the global manager and each transient manager instance created with specific transient params for inter-cluster communications.

      The SSLManagerCoordinator should be enhanced to create a non-global instance of SSLManagerInterface. The `SSLManagerOpenSSL::initSSLContext()` and all methods it invokes should be refactored to be stateless and const.

      Thanks mark.benvenuto for explaining the problem.

            Assignee:
            andrew.shuvalov@mongodb.com Andrew Shuvalov (Inactive)
            Reporter:
            andrew.shuvalov@mongodb.com Andrew Shuvalov (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: