Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-935

mongoc_client_set_ssl_opts should require SSL

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.2.1, 1.3.0-rc0
    • Component/s: libmongoc, tls
    • Labels:
      None
    • Sprint:
      C Driver 2015Q2 sprint 9, C Driver 2015Q2 sprint 10

      Description

      A behavior change, but worth it: right now, including "ssl=true" in the URI means the driver connects to the server with SSL. Calling mongoc_client_set_ssl_opts without "ssl=true" does not; the driver still uses a plain-text connection.

      Calling mongoc_client_set_ssl_opts should be synonymous with imply "ssl=true".

      Already fixed in 1.2 for single-threaded clients, since mongoc_client_set_ssl_opts calls mongoc_topology_scanner_set_ssl_opts. Thus all scanner-node streams are SSL, and the client shares its streams with the scanner nodes.

      Not yet fixed for pooled clients, however. In fact, a pooled client on which you call mongoc_client_set_ssl_opts but don't include "ssl=true" won't work because (I expect) it will use SSL for scanner-node connections on its scanner thread, but plain-text connections for the clients.

      To complete this ticket, fix pooled client behavior when "ssl=true" is omitted but mongoc_client_set_ssl_opts is called.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jesse A. Jesse Jiryu Davis
              Reporter:
              jesse A. Jesse Jiryu Davis
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: