Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-5736

Passing non-existing CA file asserts with OpenSSL

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 1.28.1, 1.29.0
    • Affects Version/s: 1.28.0
    • Component/s: None
    • None
    • C Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Building with -DENABLE_SSL=OPENSSL and referring to a non-existing CA path results in an assertion failure. Example:

      mongoc_client_t *client =
   mongoc_client_new ("mongodb://bob:pwd123@localhost:27017/?tls=true&tlsCAFile=/nonexistant/ca.pem");
ASSERT (!mongoc_client_command_simple (client, "admin", tmp_bson ("{'ping': 1}"), NULL, NULL, NULL));
mongoc_client_destroy (client);

      Results in an assertion failure:

      2024/09/25 10:14:38.0138: [4096262]:    ERROR:       mongoc: Cannot load Certificate Authorities from '/nonexistant/ca.pem' and '(null)'
The parameter: ssl_ctx, in function mongoc_stream_tls_openssl_new_with_context, cannot be NULL

      Quoting ezra.chung@mongodb.com:

      This seems to be a regression introduced in 1.28.0 by this commit. 1.27.6 does not exhibit this assertion failure.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: