-
Type: Improvement
-
Resolution: Done
-
Priority: Unknown
-
Affects Version/s: 1.22.0-beta0
-
Component/s: libmongocrypt
-
None
Related to: Detecting crypt_shared Availability in the CSFLE spec.
Applications and drivers wrapping libmongoc don't have any way to determine if crypt_shared is used, because mongocrypt_crypt_shared_lib_version_string requires a mongocrypt_t * resource, which is internal to libmongoc's private struct __mongoc_crypt_t (typedef-ed as _mongoc_crypt_t).
_mongoc_crypt_t is created by _mongoc_crypt_new, which is only called in three places within libmongoc:
- Initializing topology->crypt member for single-threaded and pooled modes.
- Creating mongoc_client_encryption_t, which isn't relevant since crypt_shared is never required there.
In a previous discussion with colby.pike@mongodb.com I asked if libmongoc or libmongocrypt had any safeguards in place to avoid loading multiple versions of crypt_shared. His response was:
1: Correct, the version of crypt_shared is orthogonal to the version of libmongocrypt, since crypt_shared is loaded dynamically.
2: Applications cannot load more than one version of crypt_shared library simultaneously, even if they are of the same version (multiple uses of the same library is allowed, as long as it is the same file every time). There are some guards in check to prevent this as well, but they aren't fool-proof.
Ideally, it'd be great if libmongoc or libmongocrypt could provide some global API (not tied to a client/pool) that allowed applications to query the crypt_shared version. This would allow PHP to report its version the same way we do libmongoc and libmongocrypt itself. If that's not possible, providing some API to query the crypt_shared version through a pool or client would be sufficient (although that could be more complicated as it would require exposing mongoc_crypt_t _and its mongocrypt_t *.
- is depended on by
-
PHPC-2103 Allow applications to detect crypt_shared availability
- Closed
- is related to
-
CDRIVER-4450 Initializing client-side encryption spawns mongocryptd even if crypt_shared is available and loaded
- Closed