Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-3369

mongoc_uri_get_tls case-sensitivity is inconsistent with other option functions

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.16.0
    • Affects Version/s: 1.7.0
    • Component/s: libmongoc, tls
    • None

      mongoc_uri_option_is_bool and mongoc_uri_set_option_as_bool are both documented as being case-insensitive. mongoc_uri_set_option_as_bool does canonicalize the option before setting it, but that is only used to convert SSL options to their TLS variant.

      Elsewhere in mongoc-client.c, mongoc_uri_get_tls is used to determine whether TLS should be used for the connection. mongoc_uri_get_tls has also historically used bson_has_field to check for set TLS values (since d9249e4 for CDRIVER-2130, released in 1.7.0). This leads to a possible inconsistency where some TLS URI options may not actually enable TLS for the connection.

      Consider:

      • "sslAllowInvalidHostnames" will enable TLS, since it is canonicalized and results in MONGOC_URI_TLSALLOWINVALIDHOSTNAMES being set in the URI options
      • "tlsAllowInvalidHostnames" will not enable TLS. It will not be canonicalized and is set with the same case, which mongoc_uri_get_tls will not detect
      • "tlsallowinvalidhostnames" will enable TLS, because it happens to match the canonical casing

      Although CDRIVER-2869 is related, I don't believe it's responsible for the regression. If anything, it subtly fixed an outstanding issue with the older SSL options being case-sensitive with respect to mongoc_uri_get_tls. Given this, I think a 1.16.0 fixVersion may be more appropriate than 1.15.x.

            Assignee:
            jmikola@mongodb.com Jeremy Mikola
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: