mongoc_uri_option_is_bool and mongoc_uri_set_option_as_bool are both documented as being case-insensitive. mongoc_uri_set_option_as_bool does canonicalize the option before setting it, but that is only used to convert SSL options to their TLS variant.
Elsewhere in mongoc-client.c, mongoc_uri_get_tls is used to determine whether TLS should be used for the connection. mongoc_uri_get_tls has also historically used bson_has_field to check for set TLS values (since d9249e4 for CDRIVER-2130, released in 1.7.0). This leads to a possible inconsistency where some TLS URI options may not actually enable TLS for the connection.
Consider:
- "sslAllowInvalidHostnames" will enable TLS, since it is canonicalized and results in MONGOC_URI_TLSALLOWINVALIDHOSTNAMES being set in the URI options
- "tlsAllowInvalidHostnames" will not enable TLS. It will not be canonicalized and is set with the same case, which mongoc_uri_get_tls will not detect
- "tlsallowinvalidhostnames" will enable TLS, because it happens to match the canonical casing
Although CDRIVER-2869 is related, I don't believe it's responsible for the regression. If anything, it subtly fixed an outstanding issue with the older SSL options being case-sensitive with respect to mongoc_uri_get_tls. Given this, I think a 1.16.0 fixVersion may be more appropriate than 1.15.x.
- is related to
-
PHPC-1446 Always enable TLS when any TLS option is specified
- Closed
-
CDRIVER-2869 Implement Unified URI Options
- Closed
- related to
-
CDRIVER-3428 Implicitly enable TLS for tlsInsecure and tlsCertificateKeyFilePassword URI opts
- Closed
- links to