[CDRIVER-3369] mongoc_uri_get_tls case-sensitivity is inconsistent with other option functions Created: 18/Sep/19  Updated: 28/Oct/23  Resolved: 10/Jan/20

Status: Closed
Project: C Driver
Component/s: libmongoc, tls
Affects Version/s: 1.7.0
Fix Version/s: 1.16.0

Type: Bug Priority: Major - P3
Reporter: Jeremy Mikola Assignee: Jeremy Mikola
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-3428 Implicitly enable TLS for tlsInsecure... Closed
is related to PHPC-1446 Always enable TLS when any TLS option... Closed
is related to CDRIVER-2869 Implement Unified URI Options Closed

 Description   

mongoc_uri_option_is_bool and mongoc_uri_set_option_as_bool are both documented as being case-insensitive. mongoc_uri_set_option_as_bool does canonicalize the option before setting it, but that is only used to convert SSL options to their TLS variant.

Elsewhere in mongoc-client.c, mongoc_uri_get_tls is used to determine whether TLS should be used for the connection. mongoc_uri_get_tls has also historically used bson_has_field to check for set TLS values (since d9249e4 for CDRIVER-2130, released in 1.7.0). This leads to a possible inconsistency where some TLS URI options may not actually enable TLS for the connection.

Consider:

  • "sslAllowInvalidHostnames" will enable TLS, since it is canonicalized and results in MONGOC_URI_TLSALLOWINVALIDHOSTNAMES being set in the URI options
  • "tlsAllowInvalidHostnames" will not enable TLS. It will not be canonicalized and is set with the same case, which mongoc_uri_get_tls will not detect
  • "tlsallowinvalidhostnames" will enable TLS, because it happens to match the canonical casing

Although CDRIVER-2869 is related, I don't believe it's responsible for the regression. If anything, it subtly fixed an outstanding issue with the older SSL options being case-sensitive with respect to mongoc_uri_get_tls. Given this, I think a 1.16.0 fixVersion may be more appropriate than 1.15.x.



 Comments   
Comment by Githook User [ 10/Jan/20 ]

Author:

{'name': 'Jeremy Mikola', 'email': 'jmikola@gmail.com', 'username': 'jmikola'}

Message: CDRIVER-3369 case-insensitive mongoc_uri_get_tls
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/4c4a646211cbe1a942a054fcfa2f85aa02d12fd0

Comment by Jeremy Mikola [ 08/Jan/20 ]

https://mongodbcr.appspot.com/517630109/

Generated at Wed Feb 07 21:17:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.