Details
-
Improvement
-
Resolution: Fixed
-
Unknown
-
None
-
None
-
None
Description
Background & Motivation
CSFLE has a requirement to configure TLS options for each KMS provider. The specification provides example API:
// setTLSOptions accepts a map of KMS provider names to TLSOptions.
|
// The TLSOptions apply to any TLS socket required to communicate
|
// with the KMS provider.
|
setTLSOptions (opts Map<String, TLSOptions>)
|
The planned API in libmongoc is to use a bson_t to represent the map to be consistent with mongoc_auto_encryption_opts_set_kms_providers :
MONGOC_EXPORT (void)
|
mongoc_auto_encryption_opts_set_tls_opts (
|
mongoc_auto_encryption_opts_t *opts,
|
const bson_t *tls_opts);
|
Creating a TLS stream with mongoc_stream_tls_new_with_hostname requires a mongoc_ssl_opt_t.
To aid with implementation, create a private helper to construct a mongoc_ssl_opt_t from a bson_t containing TLS options.
Scope
- Create a private helper to construct a mongoc_ssl_opt_t from a bson_t containing TLS options.
- Parse BSON keys with the "tls" prefixed options in the URI Options specification.