Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-74989

Create configuration file option for custom X.509 subject name matching

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 7.0.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • Security 2023-03-20, Security 2023-04-03, Security 2023-04-17

      Today, servers determine whether a connecting client is a peer server node either via keyfile authentication or X.509. If X.509 authentication is enabled on the server and the connecting client's certificate has a subject name DN sharing the same O, OU, and DC attributes as the server's certificate, then the connecting client is considered as a peer server node.

      In an effort to make this more customizable, we will add a configuration file option that will take priority over this default policy. The option will specify a set of subject name DN attributes and values that the server will check for in the connecting client's certificate. If they match, then the client will be treated as a peer server node.

            Assignee:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: