"-DENABLE_SSL=OPENSSL" would not allow user connect server with ip address

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3
    • None
    • Affects Version/s: 1.7.0
    • Component/s: libmongoc
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      mongo c driver: 1.7.0
      mongo cxx driver: r3.1.3

      if I compile the c driver with "-DENABLE_SSL=OPENSSL", I do the following tests:
      case 1: the host's cert's CN is ip address, connect with ip address, failed.
      error info:

      connection failed: No suitable servers found (`serverSelectionTryOnce` set): [TL
      S handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:cert
      ificate verify failed calling ismaster on '10.154.10.39:27017']: generic server
      error

      • case 2*: the host's cert's CN is hostname , connect with host name , successful.

      but I can connect with mongo.exe successfully for both two cases.
      what's more , such issue disappears if I compile the driver with "-DENABLE_SSL=WINDOWS"

        1. dd.png
          31 kB
          winnie_quest

              Assignee:
              A. Jesse Jiryu Davis
              Reporter:
              winnie_quest
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: