Details
-
Improvement
-
Resolution: Done
-
Major - P3
-
2.4
Description
The C# driver docs has an example on how to connect using SSL in http://mongodb.github.io/mongo-csharp-driver/2.4/reference/driver/ssl/. The code in the page shows:
var cert = new X509Certificate2("client.pfx", "mySuperSecretPassword");
|
|
|
var settings = new MongoClientSettings
|
{
|
SslSettings = new SslSettings
|
{
|
ClientCertificates = new[] { cert },
|
},
|
UseSsl = true
|
};
|
However I find the code doesn't work when trying to connect to a MongoDB server with requireSSL=true.
With some help from andrew.ryder I arrived at a working code:
var cert = new X509Certificate2("client.pfx", "secret");
|
|
|
var settings = new MongoClientSettings {
|
Server = new MongoServerAddress("myserver.local", 27017),
|
SslSettings = new SslSettings {
|
ClientCertificates = certs,
|
ClientCertificateSelectionCallback = delegate( object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers ) { return certs[0]; },
|
ServerCertificateValidationCallback = delegate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors )
|
{
|
return true;
|
}
|
},
|
UseSsl = true,
|
};
|
There seems to be a series of requirements that are not explicit. In light of our push toward a more secure MongoDB deployment, in my opinion the SSL example should be explained more with a working code.