[CDRIVER-3318] Issues running some commands via mongoc when using SSL on macOS Created: 14/Aug/19 Updated: 28/Oct/23 Resolved: 25/Oct/19 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.16.0, 1.15.3 |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Kaitlin Mahar | Assignee: | Samantha Ritter (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | platform-problems | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Mac OS X 10.14.5 |
||
| Attachments: |
|
||||
| Issue Links: |
|
||||
| Description |
|
I am running a standalone mongod (v4.0.5) started as follows using the certs from mongo-orchestration:
The first command I noticed issues with is buildInfo. I am able to run buildInfo via the shell as follows:
However when I try to run it via mongoc (see attached file), the command hangs for 5 minutes and then fails with the output
I have reproduced this both on mongoc 1.14.0 and 1.15.0. This is example #1 in the attached file. You will need to replace the absolute path to the CA file with your own local path. The second command I ran into issues with is listIndexes. See example 2 in the attached file. This came about running a Swift driver test that creates a couple of indexes and exercises a bunch of options, and then calls mongoc_collection_find_indexes_with_opts to get the results. The function call would hang for a few minutes and eventually print out
I can't quite figure it out, but the issue has something to do with the size of the createIndexes command run before the call to listIndexes. Possibly the issue just occurs after some number of bytes are read and if your initial command was large enough that one would hang, too. This only seems to happen in pooled mode. Switching to just creating a new client with the URI solves the problem. The issues do not occur on Linux. For now I will use serverStatus in place of buildInfo, and skip the problematic index test when using SSL. Since we already triggered this issue 2x in our tests inadvertently it seems like it would be fairly easy for a user to encounter as well. |
| Comments |
| Comment by Githook User [ 13/Dec/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'samantharitter', 'email': 'samantha.ritter@10gen.com', 'username': 'samantharitter'}Message: | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 13/Dec/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'samantharitter', 'email': 'samantha.ritter@10gen.com', 'username': 'samantharitter'}Message: | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Kaitlin Mahar [ 25/Oct/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
Tried it out and our previously failing tests work now. Thanks again! | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 25/Oct/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'username': 'samantharitter', 'email': 'samantha.ritter@10gen.com', 'name': 'samantharitter'}Message: | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 25/Oct/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'username': 'samantharitter', 'email': 'samantha.ritter@10gen.com', 'name': 'samantharitter'}Message: | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Kaitlin Mahar [ 18/Oct/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
Tricky! Good find. Thanks for the update and for fixing this! I will test out the changes once this has been merged. | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Samantha Ritter (Inactive) [ 18/Oct/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
It turns out that this issue is specific to Secure Transport, not to other ssl libraries on osx. I discovered that the bug is due to a way that we were integrating with Secure Transport. Unlike other libraries' SSL read methods, Secure Transport's SSLRead method will block until it reads the number of bytes passed to it or times out. Rather than passing our actual desired minimum bytes into this method, we pass in the length of the buffer allocated to receive the bytes, which is often greater in size than the message we expect. We should be doing some math to pass whichever value is smaller, the buffer, or the remaining bytes we'd like Secure Transport to read. I am not exactly sure why your specific tests caused this bug to surface, and I'm surprised that we have not seen it before! | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Kaitlin Mahar [ 19/Aug/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
I am also encountering this issue trying to run either one of buildInfo or serverStatus against a sharded cluster with SSL on. Started using MongoDB 4.2 and this MO config (just the ssl.json sharded cluster one with SSL file paths changed):
And I am running the command in the same fashion as in the buildInfo example in the attached file, with URI: | ||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Kaitlin Mahar [ 15/Aug/19 ] | ||||||||||||||||||||||||||||||||||||||||||||||||
|
FYI I also am encountering something similar to example 2 in a test that creates a couple collections using a bunch of options and then tries to call mongoc_database_find_collections_with_opts. (I guess this is not surprising as I assume the methods for listing indexes and collections are implemented very similarly.) |