Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-948

TLS / SSL connections fail in pooled mode

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker - P1
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.2.1
    • Component/s: libmongoc, tls
    • Security Level: Public
    • Labels:
      None
    • Sprint:
      C Driver 2015Q2 sprint 9

      Description

      Client operations over SSL will always fail in version 1.2.0 if the client is from a mongoc_pool_t.

      Beginning in 1.2.0, clients from a pool all share a set of sockets for server monitoring, but use distinct per-client sockets for application operations (such as queries, writes, etc.). When the pool creates sockets for monitoring, it begins a non-blocking connect on each and uses "poll" to wait asynchronously for all of them to finish connecting. When an individual client creates a socket for application operations, the client connects the socket synchronously.

      In the process of a series of refactorings (mainly related to CDRIVER-894) we introduced a new internal function mongoc_stream_wait that a pooled client uses to await connection on a socket before doing application operations on it. We didn't re-test SSL connections in pooled mode after those refactorings were completed.

      This allowed a bug to slip through: the new mongoc_stream_wait calls mongoc_stream_poll on a buffered TLS stream, but buffered TLS streams don't implement "poll". So mongoc_stream_poll always errors ("invalid argument", EINVAL) and the connection is considered failed.

      Symptom: a "find" and "mongoc_cursor_next" operation with a pooled client and SSL enabled fails, with the error, "Cursor Failure: Failed to connect to target host".

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jesse A. Jesse Jiryu Davis
              Reporter:
              jesse A. Jesse Jiryu Davis
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: