Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8709

mongo shouldn't be able to connect with revoked cert

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.4.0-rc2
    • Affects Version/s: None
    • Component/s: None
    • None
    • ALL

      Mongod started with CRL, valid cert

      $ ./bin/mongod --dbpath ./data/ --sslOnNormalPorts --sslPEMKeyFile ../sslCA/gregorFreeBSD.pem  --replSet rs1 --smallfiles --sslCRLFile=../sslCA/crl/crl.pem 
      Mon Feb 25 15:32:48.373 [initandlisten] MongoDB starting : pid=9246 port=27017 dbpath=./data/ 64-bit host=ip-10-36-133-56
      Mon Feb 25 15:32:48.374 [initandlisten] db version v2.4.0-rc0, pdfile version 4.5
      Mon Feb 25 15:32:48.374 [initandlisten] git version: 09967e98e5d6280305d85553cdb2dd12e2e1e149 modules: subscription
      Mon Feb 25 15:32:48.374 [initandlisten] build info: Linux bs-e-ubuntu1104 2.6.38-13-virtual #57-Ubuntu SMP Mon Mar 5 21:16:08 UTC 2012 x86_64 BOOST_LIB_VERSION=1_49
      Mon Feb 25 15:32:48.374 [initandlisten] allocator: tcmalloc
      Mon Feb 25 15:32:48.374 [initandlisten] options: { dbpath: "./data/", replSet: "rs1", smallfiles: true, sslCRLFile: "../sslCA/crl/crl.pem", sslOnNormalPorts: true, sslPEMKeyFile: "../sslCA/gregorFreeBSD.pem" }
      Mon Feb 25 15:32:48.382 [initandlisten] journal dir=./data/journal
      Mon Feb 25 15:32:48.382 [initandlisten] recover : no journal files present, no recovery needed
      Mon Feb 25 15:32:48.398 [initandlisten] ssl imported 1 revoked certificate from the revocation list.
      Mon Feb 25 15:32:48.399 [initandlisten] waiting for connections on port 27017 ssl
      Mon Feb 25 15:32:48.400 [websvr] ssl imported 1 revoked certificate from the revocation list.
      Mon Feb 25 15:32:48.400 [websvr] admin web console waiting for connections on port 28017 ssl
      Mon Feb 25 15:32:48.404 [rsStart] replSet I am ip-10-36-133-56:27017
      Mon Feb 25 15:32:48.404 [rsStart] replSet STARTUP2
      Mon Feb 25 15:32:49.406 [rsSync] replSet SECONDARY
      Mon Feb 25 15:32:49.406 [rsMgr] replSet info electSelf 0
      Mon Feb 25 15:32:50.405 [rsMgr] replSet PRIMARY
      Mon Feb 25 15:32:52.664 [initandlisten] connection accepted from 127.0.0.1:54959 #1 (1 connection now open)
      Mon Feb 25 15:32:53.650 [conn1] end connection 127.0.0.1:54959 (0 connections now open)
      Mon Feb 25 15:32:55.010 [initandlisten] connection accepted from 127.0.0.1:54960 #2 (1 connection now open)
      

      Mongo started with revoked cert

       ./bin/mongo --ssl --sslPEMKeyFile=../sslCA/revoked_gregor.pem 
      MongoDB shell version: 2.4.0-rc0
      connecting to: test
      rs1:PRIMARY> 
      

        1. crl.pem
          0.5 kB
        2. gregorFreeBSD.pem
          4 kB
        3. revoked_gregor.pem
          4 kB

            Assignee:
            milkie@mongodb.com Eric Milkie
            Reporter:
            gregor Gregor Macadam
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: