[CDRIVER-249] SSL support for the new C driver Created: 11/Nov/13  Updated: 28/Sep/16  Resolved: 14/Nov/13

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 0.90.0

Type: Improvement Priority: Major - P3
Reporter: Christian Hergert Assignee: Mira Carey
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-1156 TLS Improved Closed

 Description   

There is currently a stub for doing SSL (TLS) connections in the new C driver codebase. See mongoc-stream-tls.

{c,h}

The goal of this is to use OpenSSL (someday I'd like to support gnutls, but that is another battle) to connect to MongoDB servers that use SSL.

We need to do certificate validation as part of this as well. See CDRIVER-215

The server team would prefer to use BIO instead of their current implementation and so we will do the same. This also allows us to reuse our stream abstraction already in the code-base.

The PHP driver may eventually be based on this codebase, but they will likely use PHP streams so this is mostly contained to C consumers.

We might need to configure the directory for the certificate database. This will probably need to be a function that can be called at library initialization time.



 Comments   
Comment by Christian Hergert [ 14/Nov/13 ]

Nice work!

Closing as this has been merged to master.

Comment by Mira Carey [ 13/Nov/13 ]

I figure I'll keep this in its own branch until we're both happy with it (It's a bunch of code including the cert verification stuff)

https://github.com/hanumantmk/libmongoc/commit/4ca18e3966a7a4d58d7b84355226fa9275312601

Comment by Christian Hergert [ 11/Nov/13 ]

Also see mongoc_client_default_stream_initiator(). It should check to see if ssl=true in the mongoc_uri_t. If so, we want to return a wrapped socket using mongoc_stream_tls_new(base_stream).

Generated at Wed Feb 07 21:08:54 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.