[CDRIVER-2187] Key file path, key file password, and certificate authority file path must be escaped in MongoDB URI Created: 11/Jun/17  Updated: 27/Oct/23  Resolved: 16/Jun/17

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.7.0
Fix Version/s: 1.7.0

Type: Improvement Priority: Major - P3
Reporter: A. Jesse Jiryu Davis Assignee: A. Jesse Jiryu Davis
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-2004 Add SSL Configuration options to the ... Closed
is related to CDRIVER-2186 More Connection String Spec updates Closed

 Description   

Allowing an unescaped "/" or other special character in the key file path, key file password, or the certificate authority file path introduces a parsing ambiguity. It violates the Connection String Spec's algorithm, which requires a driver to parse hostnames and user info from the URI segment before the last "/" character, and requires the driver to parse the options from the segment after the last "/" character. Thus we can't correctly parse a URI like this without violating the spec:

"mongodb://server/?sslclientcertificatekeyfile=/tmp/key.pem"

We can't parse that string while conforming to the spec, because the segment before the last "/" character is this:

"mongodb://server/?sslclientcertificatekeyfile=/tmp"

Instead, we must require this syntax:

"mongodb://server/?sslclientcertificatekeyfile=%2Ftmp%2Fkey.pem"



 Comments   
Comment by A. Jesse Jiryu Davis [ 16/Jun/17 ]

Nevermind, other drivers like PyMongo allow "/" in paths too. We've updated the spec to search the URI forward for the first slash instead of backward for the last, so slashes in paths are ok now.

Generated at Wed Feb 07 21:14:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.