Details
-
Bug
-
Resolution: Fixed
-
Major - P3
-
None
-
1.3.1
-
None
-
None
-
Ubuntu 16.04
Description
[amuralid@amuralid-master-vm:/localdisk...re_rwvx-build/rwlog]$ uname -a
|
Linux amuralid-master-vm 4.4.0-59-generic #80-Ubuntu SMP Fri Jan 6 17:47:47 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
|
I am trying to configure self signed certificate for the mongo server by following the official MongoDB docs.
Having configured the private key and cert and mongodb conf, I am able to bring up the server and connect to it using mongo shell client and also using pymongo (PYTHON-1568).
client = MongoClient('mongodb://127.0.0.1:8006/?connectTimeoutMS=1000&ssl=true', ssl_ca_certs="/localdisk/amuralid/container/ub/US-gr-611/rift/.build/ub16_debug/install/usr/rift/certstore/domain.crt", ssl_keyfile="/localdisk/amuralid/container/ub/US-gr-611/rift/.build/ub16_debug/install/usr/rift/var/rift/lp1-mgmt-vm-lp-2/mongo_certs/server/mongo.pem")
|
>>>
|
>>>
|
>>> client.admin.command('ping')
|
{'ok': 1.0}
|
Now I tried mapping this setup to mongoc_ssl_opt_t, but it doesn't work, as select server results in Timeout with much error context.
Cannot ping database, No suitable servers found (`serverselectiontryonce` set)
|
I am trying to map the python arguments I used to the C structure. Can someone tell me what "ssl_ca_certs" and "ssl_keyfile" maps to in the C structure ?
certificate="/localdisk/amuralid/container/ub/US-gr-611/rift/.build/ub16_debug/install/usr/rift/certstore/domain.crt";
|
// Set the SSL/TLS options
|
ssl_opts_ = {0};
|
ssl_opts_.pem_file = pem_path_.c_str();
|
ssl_opts_.ca_file = certificate;
|
//ssl_opts_.weak_cert_validation = true;
|
|
|
// set the ssl options
|
mongoc_client_set_ssl_opts(client_, &ssl_opts_);
|
In my code above, "ssl_opts_.ca_file" points to the certificate and "ssl_opts_.pem_file" points to the concat of private key and certificate.
Thanks in advance