Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-1022

Sporadic SCRAM-SHA-1 authentication failures due to "storedKey mismatch"

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.5.0
    • Affects Version/s: 1.3.0
    • Component/s: None
    • Labels:
      None
    • Environment:
      MongoDB 3.4.9 on Ubuntu 14.04

      In this thread on mongodb-user, a user reported sporadic authentication failures with SCRAM-SHA-1 in both FPM and CLI environments. The following code is used to connect:

      $sslContext = stream_context_create([
              "ssl" => [
                      "verify_peer" => false,
                      "verify_peer_name" => false,
                      "allow_self_signed" => true,
              ],
      ]);
      
      $this->client = new MongoDB\Client(
              'mongodb://db1:27017,db2:27017,db3:27017/',
              [
                      'username'               => $this->conOpts['username'],
                      'password'               => $this->conOpts['password'],
                      'ssl'                    => true,
                      'replicaSet'             => $this->conOpts['replicaSet'],
                      'authSource'             => $this->conOpts['db'],
              ],
              [
                      'context' => $sslContext,
                      'typeMap' => ['root' => 'array', 'document' => 'array', 'array' => 'array']
              ]
      );
      

      This error only started appearing in PHPC 1.3.0, which leads me to believe it may be related to some change in libmongoc between 1.5.5 (used by PHPC 1.2.x) and 1.8.0 (used by PHPC 1.3.0). It's possible this may be related to SCRAM-SHA-1 caching introduced in fc3ff3b for CDRIVER-2150.

            Assignee:
            jmikola@mongodb.com Jeremy Mikola
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: