  1. C Driver
  2. CDRIVER-2675

TLS connection to mongo does not work


Details

    • Bug
    • Resolution: Fixed
    • Major - P3
    • None
    • 1.3.1
    • None
    • None
    • Ubuntu 16.04

    Description

      [amuralid@amuralid-master-vm:/localdisk...re_rwvx-build/rwlog]$ uname -a
      Linux amuralid-master-vm 4.4.0-59-generic #80-Ubuntu SMP Fri Jan 6 17:47:47 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
      

      I am trying to configure a self-signed certificate for the mongo server by following the official MongoDB docs.
      Having configured the private key and cert and mongodb conf, I am able to bring up the server and connect to it using mongo shell client and also using pymongo (PYTHON-1568).

      client = MongoClient('mongodb://127.0.0.1:8006/?connectTimeoutMS=1000&ssl=true', ssl_ca_certs="/localdisk/amuralid/container/ub/US-gr-611/rift/.build/ub16_debug/install/usr/rift/certstore/domain.crt", ssl_keyfile="/localdisk/amuralid/container/ub/US-gr-611/rift/.build/ub16_debug/install/usr/rift/var/rift/lp1-mgmt-vm-lp-2/mongo_certs/server/mongo.pem")
      >>>
      >>>
      >>> client.admin.command('ping')
      {'ok': 1.0}
      

      Now I tried mapping this setup to mongoc_ssl_opt_t, but it doesn't work, as select server results in Timeout with much error context.

      Cannot ping database, No suitable servers found (`serverselectiontryonce` set)
      

      I am trying to map the Python arguments I used to the C structure. Can someone tell me what "ssl_ca_certs" and "ssl_keyfile" map to in the C structure?

      // CA file: the same domain.crt that was passed to pymongo as ssl_ca_certs
      const char *certificate = "/localdisk/amuralid/container/ub/US-gr-611/rift/.build/ub16_debug/install/usr/rift/certstore/domain.crt";
      // Set the SSL/TLS options
      ssl_opts_ = {0};
      ssl_opts_.pem_file = pem_path_.c_str();  // private key + certificate, concatenated
      ssl_opts_.ca_file = certificate;
      //ssl_opts_.weak_cert_validation = true;

      // Apply the SSL options to the client
      mongoc_client_set_ssl_opts(client_, &ssl_opts_);
      

      In my code above, "ssl_opts_.ca_file" points to the certificate and "ssl_opts_.pem_file" points to the concat of private key and certificate.

      Thanks in advance

          People

            jesse@mongodb.com A. Jesse Jiryu Davis
            arunmu Arun Muralidharan
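
A pre-flight check for the two files named in the report, as an added example (not code from the issue or from the C driver project): it confirms that the file given as `pem_file` holds a private key with a matching certificate, and that this certificate verifies against the file given as `ca_file`. The function name `check_tls_files` and its return codes are assumptions made here; it expects the `openssl` CLI and an unencrypted private key.

```shell
# Added example: sanity-check the files handed to mongoc_ssl_opt_t.
#   $1 = CA file   (ssl_opts.ca_file, pymongo ssl_ca_certs)
#   $2 = PEM file  (ssl_opts.pem_file, private key + certificate concatenated)
# Returns 0 when consistent, otherwise a code naming the failed check.
check_tls_files() {
    ca=$1
    pem=$2
    for f in "$ca" "$pem"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done

    # The PEM must hold both a private key and a certificate.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key in $pem" >&2; return 3; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate in $pem" >&2; return 4; }

    # The key and the certificate inside the PEM must belong together:
    # compare the public key derived from each.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null </dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate in $pem" >&2; return 5; }

    # The certificate must verify against the CA file. With a self-signed
    # setup like the one in the report, the CA file is that same certificate.
    tmp=$(mktemp) || return 2
    openssl x509 -in "$pem" -out "$tmp" 2>/dev/null
    if openssl verify -CAfile "$ca" "$tmp" 2>/dev/null | grep -q ': OK$'; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    echo "certificate in $pem does not verify against $ca" >&2
    return 6
}
```

Call it as `check_tls_files domain.crt mongo.pem` with the same two paths that are assigned to `ca_file` and `pem_file`.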