[CDRIVER-1488] Add SNI Support for Secure Channel Created: 23/Aug/16  Updated: 26/Aug/16  Resolved: 26/Aug/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.4.0
Fix Version/s: 1.5.0

Type: Improvement Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on CDRIVER-1484 Add SNI Support for OpenSSL Closed
Epic Link: mongoc-tls-sni

 Comments   
Comment by Hannes Magnusson [ 26/Aug/16 ]

Looks like it is provided automagically already with normal hostname verification:

(Secure Channel)

 
 
2016-08-26T02:00:16.952+0100 I NETWORK  [thread1] connection accepted from 127.0.0.1:49553 #3 (1 connection now open)
2016-08-26T02:00:16.970+0100 D NETWORK  [conn3] MONGODB-X509 authorization parsed the following roles from peer certificate: 
2016-08-26T02:00:16.970+0100 D NETWORK  [conn3] new ssl connection, SNI server name [localhost]
2016-08-26T02:00:16.971+0100 I NETWORK  [conn3] received client metadata from 127.0.0.1:49553 conn3: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0x163 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" }
2016-08-26T02:00:16.971+0100 I COMMAND  [conn3] command admin.$cmd command: isMaster { isMaster: 1, client: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0x163 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" } } numYields:0 reslen:189 locks:{} protocol:op_query 0ms
2016-08-26T02:00:16.972+0100 I COMMAND  [conn3] command test.$cmd command: ping { ping: 1 } numYields:0 reslen:37 locks:{} protocol:op_query 0ms
2016-08-26T02:00:16.972+0100 D NETWORK  [conn3] SocketException: remote: 127.0.0.1:49553 error: 9001 socket exception [CONNECT_ERROR] 
2016-08-26T02:00:16.972+0100 I -        [conn3] end connection 127.0.0.1:49553 (0 connections now open)
 
 
 
2016-08-26T02:00:29.522+0100 I NETWORK  [thread1] connection accepted from 127.0.0.1:49554 #4 (1 connection now open)
2016-08-26T02:00:29.539+0100 D NETWORK  [conn4] MONGODB-X509 authorization parsed the following roles from peer certificate: 
2016-08-26T02:00:29.539+0100 D NETWORK  [conn4] new ssl connection, SNI server name [my.etc.hosts.name]
2016-08-26T02:00:29.540+0100 I NETWORK  [conn4] received client metadata from 127.0.0.1:49554 conn4: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0x163 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" }
2016-08-26T02:00:29.540+0100 I COMMAND  [conn4] command admin.$cmd command: isMaster { isMaster: 1, client: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0x163 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" } } numYields:0 reslen:189 locks:{} protocol:op_query 0ms
2016-08-26T02:00:29.540+0100 I COMMAND  [conn4] command test.$cmd command: ping { ping: 1 } numYields:0 reslen:37 locks:{} protocol:op_query 0ms
2016-08-26T02:00:29.540+0100 D NETWORK  [conn4] SocketException: remote: 127.0.0.1:49554 error: 9001 socket exception [CONNECT_ERROR] 
2016-08-26T02:00:29.541+0100 I -        [conn4] end connection 127.0.0.1:49554 (0 connections now open

and OpenSSL on Windows (see the difference in the cfg= flags)

 
2016-08-26T01:15:04.139+0100 I NETWORK  [thread1] connection accepted from 127.0.0.1:49483 #2 (1 connection now open)
2016-08-26T01:15:04.143+0100 D NETWORK  [conn2] new ssl connection, SNI server name [localhost]
2016-08-26T01:15:04.143+0100 I NETWORK  [conn2] received client metadata from 127.0.0.1:49483 conn2: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0xe9 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" }
2016-08-26T01:15:04.143+0100 I COMMAND  [conn2] command admin.$cmd command: isMaster { isMaster: 1, client: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0xe9 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" } } numYields:0 reslen:189 locks:{} protocol:op_query 0ms
2016-08-26T01:15:04.143+0100 I COMMAND  [conn2] command test.$cmd command: ping { ping: 1 } numYields:0 reslen:37 locks:{} protocol:op_query 0ms
2016-08-26T01:15:04.143+0100 D NETWORK  [conn2] SocketException: remote: 127.0.0.1:49483 error: 9001 socket exception [CONNECT_ERROR] 
2016-08-26T01:15:04.143+0100 I -        [conn2] end connection 127.0.0.1:49483 (0 connections now open)
 
 
 
2016-08-26T01:15:18.990+0100 I NETWORK  [thread1] connection accepted from 127.0.0.1:49485 #3 (1 connection now open)
2016-08-26T01:15:18.993+0100 D NETWORK  [conn3] new ssl connection, SNI server name [127.0.0.1]
2016-08-26T01:15:18.993+0100 I NETWORK  [conn3] received client metadata from 127.0.0.1:49485 conn3: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0xe9 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" }
2016-08-26T01:15:18.993+0100 I COMMAND  [conn3] command admin.$cmd command: isMaster { isMaster: 1, client: { driver: { name: "mongoc", version: "1.5.0-dev" }, os: { type: "Windows", name: "Windows", version: "6.1 (7601)", architecture: "x86_64" }, platform: "cfg=0xe9 CC=MSVC 1900 CFLAGS= /DWIN32 /D_WINDOWS /W3 LDFLAGS= /machine:x64" } } numYields:0 reslen:189 locks:{} protocol:op_query 0ms
2016-08-26T01:15:18.993+0100 I COMMAND  [conn3] command test.$cmd command: ping { ping: 1 } numYields:0 reslen:37 locks:{} protocol:op_query 0ms
2016-08-26T01:15:18.994+0100 D NETWORK  [conn3] SocketException: remote: 127.0.0.1:49485 error: 9001 socket exception [CONNECT_ERROR] 
2016-08-26T01:15:18.994+0100 I -        [conn3] end connection 127.0.0.1:49485 (0 connections now open)
 
 
2016-08-26T01:16:40.634+0100 I NETWORK  [thread1] connection accepted from 127.0.0.1:49487 #4 (1 connection now open)
2016-08-26T01:16:40.636+0100 D NETWORK  [conn4] new ssl connection, SNI server name [my.etc.hosts.name]
2016-08-26T01:16:40.637+0100 D NETWORK  [conn4] SocketException: remote: 127.0.0.1:49487 error: 9001 socket exception [CONNECT_ERROR] 
2016-08-26T01:16:40.637+0100 I -        [conn4] end connection 127.0.0.1:49487 (0 connections now open)
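
The check done by eye in the logs above, written as an added example (not part of the original comment or of the C driver): it pairs each connection's logged SNI name with the commands that followed, and flags names that are IP literals (which RFC 6066 does not permit in the SNI HostName) and connections that ended with no command logged. The function names are hypothetical and the sample log is constructed, abridged from the lines quoted above.

```python
import ipaddress
import re

# Constructed sample: abridged from the mongod log format quoted in the comment above.
SAMPLE_LOG = """\
2016-08-26T01:15:04.143+0100 D NETWORK  [conn2] new ssl connection, SNI server name [localhost]
2016-08-26T01:15:04.143+0100 I COMMAND  [conn2] command test.$cmd command: ping { ping: 1 } numYields:0
2016-08-26T01:15:04.143+0100 I -        [conn2] end connection 127.0.0.1:49483 (0 connections now open)
2016-08-26T01:15:18.993+0100 D NETWORK  [conn3] new ssl connection, SNI server name [127.0.0.1]
2016-08-26T01:15:18.993+0100 I COMMAND  [conn3] command test.$cmd command: ping { ping: 1 } numYields:0
2016-08-26T01:15:18.994+0100 I -        [conn3] end connection 127.0.0.1:49485 (0 connections now open)
2016-08-26T01:16:40.636+0100 D NETWORK  [conn4] new ssl connection, SNI server name [my.etc.hosts.name]
2016-08-26T01:16:40.637+0100 I -        [conn4] end connection 127.0.0.1:49487 (0 connections now open)
"""

# timestamp, severity letter, component, [connN], message
LINE = re.compile(r"^\S+\s+\w\s+(?P<comp>\S+)\s+\[(?P<conn>conn\d+)\]\s+(?P<msg>.*)$")
SNI = re.compile(r"new ssl connection, SNI server name \[(?P<name>[^\]]*)\]")

def is_ip_literal(name):
    """True when the SNI value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def sni_report(log_text):
    """One record per TLS connection: conn id, SNI name, commands logged."""
    open_sessions, finished = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, comp, msg = m["conn"], m["comp"], m["msg"]
        sni = SNI.search(msg)
        if sni:  # conn ids repeat across server runs, so each SNI line starts a new record
            open_sessions[conn] = {"conn": conn, "sni": sni["name"], "commands": 0}
        elif conn in open_sessions and comp == "COMMAND":
            open_sessions[conn]["commands"] += 1
        elif conn in open_sessions and msg.startswith("end connection"):
            finished.append(open_sessions.pop(conn))
    return finished + list(open_sessions.values())

def findings(report):
    """Flag IP-literal SNI values and connections that never ran a command."""
    ip = [(s["conn"], "IP literal in SNI") for s in report if is_ip_literal(s["sni"])]
    idle = [(s["conn"], "ended with no command logged") for s in report if s["commands"] == 0]
    return ip + idle
```
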
 

Comment by Bernie Hackett [ 25/Aug/16 ]

Required for MongoDB 3.4.
