RUBY-1767 (Ruby Driver)

TLS verification cannot be configured via URI options due to missing private key URI option

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 2.9.0.rc0
    • Affects Version/s: None
    • Component/s: None
    • None

      https://docs.mongodb.com/ruby-driver/master/tutorials/ruby-driver-create-client/#uri-options-conversions maps tlsCertificateKeyFile to two Ruby options: ssl_cert and ssl_key. In the code, only the ssl_cert mapping exists (ssl_key is never set). In my testing, setting ssl_cert without setting ssl_key makes the context aware of the certificate, but the certificate is never sent to the remote end over the wire, thus resulting in the server declining the connection (closing it with a log message; the driver gets an EOFError) due to the missing client certificate.

      It is still possible to connect to the server via TLS, but doing so requires configuring the server to allow missing certificates (https://github.com/mongodb/mongo-ruby-driver/tree/master/spec#tls-without-verification).

      If the current URI options are sufficient to configure TLS connections with verification, this needs to be tested in the test suite and documented. Alternatively, https://jira.mongodb.org/browse/SPEC-1251?filter=25987 needs to be done to add a URI option for specifying the private key separately from the certificate.

            Assignee:
            sam.rossi@mongodb.com Samuel Rossi (Inactive)
            Reporter:
            oleg.pudeyev@mongodb.com Oleg Pudeyev (Inactive)
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved:
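
The mapping gap described in this report can be checked before connecting. The following is an added example, not the driver's code or part of the original report: `uri_tls_to_ruby_options`, `client_cert_problems` and `write_sample_pem` are hypothetical helpers, the key is assumed to be unencrypted, and the certificate is a constructed throwaway sample.

```ruby
require 'openssl'
require 'tempfile'

# Hypothetical mapping (not the driver's code): the single URI option
# tlsCertificateKeyFile feeds BOTH Ruby options, as the documentation describes.
def uri_tls_to_ruby_options(uri_params)
  path = uri_params['tlsCertificateKeyFile']
  path ? { ssl_cert: path, ssl_key: path } : {}
end

# Lists the problems that would leave the client without a usable certificate.
def client_cert_problems(opts)
  return ['ssl_cert not set'] unless opts[:ssl_cert]
  return ['ssl_key not set: no private key to present the certificate with'] unless opts[:ssl_key]
  cert_pem = File.read(opts[:ssl_cert])[/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m]
  key_pem = File.read(opts[:ssl_key])[/-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----/m]
  return ['no certificate block in ssl_cert file'] unless cert_pem
  return ['no private key block in ssl_key file'] unless key_pem
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key = OpenSSL::PKey.read(key_pem)
  cert.check_private_key(key) ? [] : ['private key does not match certificate']
end

# Constructed sample: self-signed certificate and its key in one PEM file,
# the layout a tlsCertificateKeyFile value points at.
def write_sample_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-client')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  file = Tempfile.new(['client', '.pem'])
  file.write(cert.to_pem + key.to_pem)
  file.flush
  file
end

if __FILE__ == $PROGRAM_NAME
  pem = write_sample_pem
  p client_cert_problems(uri_tls_to_ruby_options('tlsCertificateKeyFile' => pem.path))
  p client_cert_problems({ ssl_cert: pem.path }) # the state this report describes
end
```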