Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8739

Start mongod with SSL, CAFile and CRLFile - expired CRL file - shouldn't start.

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • ALL 

      ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ ./bin/mongod --dbpath ./data/ --sslOnNormalPorts --sslPEMKeyFile ../sslCA/gregorFreeBSD.pem --sslCAFile ../sslCA/cacert.pem --sslCRLFile ../sslCA/crl/crl_expire.pem --smallfiles
Tue Feb 26 17:22:54.061 [initandlisten] MongoDB starting : pid=20129 port=27017 dbpath=./data/ 64-bit host=ip-10-36-133-56
Tue Feb 26 17:22:54.061 [initandlisten] db version v2.4.0-rc1, pdfile version 4.5
Tue Feb 26 17:22:54.061 [initandlisten] git version: 1ea058cf251bda7624f2afac0b38eebd969c5105 modules: subscription
Tue Feb 26 17:22:54.061 [initandlisten] build info: Linux ip-10-80-175-252 3.2.0-38-virtual #60-Ubuntu SMP Wed Feb 13 13:42:54 UTC 2013 x86_64 BOOST_LIB_VERSION=1_49
Tue Feb 26 17:22:54.061 [initandlisten] allocator: tcmalloc
Tue Feb 26 17:22:54.061 [initandlisten] options: { dbpath: "./data/", smallfiles: true, sslCAFile: "../sslCA/cacert.pem", sslCRLFile: "../sslCA/crl/crl_expire.pem", sslOnNormalPorts: true, sslPEMKeyFile: "../sslCA/gregorFreeBSD.pem" }
Tue Feb 26 17:22:54.070 [initandlisten] journal dir=./data/journal
Tue Feb 26 17:22:54.070 [initandlisten] recover : no journal files present, no recovery needed
Tue Feb 26 17:22:54.270 [initandlisten] ssl imported 1 revoked certificate from the revocation list.
Tue Feb 26 17:22:54.272 [initandlisten] waiting for connections on port 27017 ssl
Tue Feb 26 17:22:54.272 [websvr] ssl imported 1 revoked certificate from the revocation list.
Tue Feb 26 17:22:54.272 [websvr] admin web console waiting for connections on port 28017 ssl

      ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$ openssl crl -in ../sslCA/crl/crl_expire.pem -noout -text
Certificate Revocation List (CRL):
        Version 2 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=gregor/emailAddress=gregor@10gen.com
        Last Update: Feb 25 16:41:41 2013 GMT
        Next Update: Feb 26 16:41:41 2013 GMT
        CRL extensions:
            X509v3 CRL Number: 
                2
Revoked Certificates:
    Serial Number: 1001
        Revocation Date: Feb 25 15:06:25 2013 GMT
    Signature Algorithm: sha1WithRSAEncryption
         7d:30:33:38:b1:9c:81:31:be:cb:02:2d:9f:63:a0:dd:f2:c6:
         de:e2:99:35:6e:01:72:93:78:94:1b:a8:5e:ca:d9:04:16:3c:
         f0:8d:4f:41:cb:15:8a:2d:1f:c5:69:2e:2c:32:ce:86:3a:25:
         6e:1c:53:d5:95:3e:6e:03:e0:77:92:a7:6f:08:4c:1a:37:40:
         12:81:23:22:d9:e6:aa:ac:c4:89:23:f1:7a:03:a6:6e:b5:cd:
         6e:13:0b:d3:81:d4:cd:f9:7f:dd:fa:76:eb:78:21:30:1f:31:
         33:59:0f:0e:2a:dc:ed:98:13:da:28:50:e2:a7:10:9c:75:be:
         cc:e3
ubuntu@ip-10-36-133-56:~/mongodb-linux-x86_64-subscription-ubuntu1104-2.4.0-rc1$

            Assignee:
            Unassigned Unassigned
            Reporter:
            gregor Gregor Macadam
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: