[CDRIVER-249] SSL support for the new C driver Created: 11/Nov/13 Updated: 28/Sep/16 Resolved: 14/Nov/13 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 0.90.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Christian Hergert | Assignee: | Mira Carey |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
There is currently a stub for doing SSL (TLS) connections in the new C driver codebase. See mongoc-stream-tls.{c,h}. The goal of this is to use OpenSSL (someday I'd like to support gnutls, but that is another battle) to connect to MongoDB servers that use SSL. We need to do certificate validation as part of this as well. See The server team would prefer to use BIO instead of their current implementation and so we will do the same. This also allows us to reuse our stream abstraction already in the code-base. The PHP driver may eventually be based on this codebase, but they will likely use PHP streams so this is mostly contained to C consumers. We might need to configure the directory for the certificate database. This will probably need to be a function that can be called at library initialization time. |
| Comments |
| Comment by Christian Hergert [ 14/Nov/13 ] |
|
Nice work! Closing as this has been merged to master. |
| Comment by Mira Carey [ 13/Nov/13 ] |
|
I figure I'll keep this in its own branch until we're both happy with it (It's a bunch of code including the cert verification stuff) https://github.com/hanumantmk/libmongoc/commit/4ca18e3966a7a4d58d7b84355226fa9275312601 |
| Comment by Christian Hergert [ 11/Nov/13 ] |
|
Also see mongoc_client_default_stream_initiator(). It should check to see if ssl=true in the mongoc_uri_t. If so, we want to return a wrapped socket using mongoc_stream_tls_new(base_stream). |
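A sketch of the initiator behaviour described in the 11/Nov/13 comment, added here as an illustration and not taken from libmongoc. `stream_t`, `uri_wants_ssl`, `tls_wrap`, `default_stream_initiator` and the `tls_ok` flag are hypothetical stand-ins for the driver's real types and functions, and returning NULL instead of the plaintext socket when wrapping fails is a choice made by this sketch.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the driver's stream abstraction. */
typedef struct stream {
    const char *type;     /* "socket" or "tls" */
    struct stream *base;  /* wrapped stream; NULL for a raw socket */
} stream_t;

/* True only when the query string carries the exact option ssl=true. */
static bool uri_wants_ssl(const char *uri)
{
    const char *q = strchr(uri, '?');
    while (q && *q) {
        q++;                               /* step past '?' or '&' */
        size_t len = strcspn(q, "&");
        if (len == 8 && strncmp(q, "ssl=true", 8) == 0)
            return true;
        q += len;
    }
    return false;
}

static stream_t *stream_new(const char *type, stream_t *base)
{
    stream_t *s = calloc(1, sizeof *s);
    if (s) { s->type = type; s->base = base; }
    return s;
}

/* Stand-in for the TLS wrapper; tls_ok=false simulates a setup failure. */
static stream_t *tls_wrap(stream_t *base, bool tls_ok)
{
    return tls_ok ? stream_new("tls", base) : NULL;
}

/* Initiator: plaintext unless ssl=true; with ssl=true, TLS or nothing. */
stream_t *default_stream_initiator(const char *uri, bool tls_ok)
{
    stream_t *base = stream_new("socket", NULL);
    if (!base || !uri_wants_ssl(uri))
        return base;
    stream_t *tls = tls_wrap(base, tls_ok);
    if (!tls)
        free(base);  /* fail closed: never hand back the unwrapped socket */
    return tls;
}
```

Matching the whole `ssl=true` token keeps options such as `nossl=true` from enabling TLS by accident.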