[CDRIVER-4284] Empty OpenSSL error reported when connecting to a load balancer fronting a nonexistent server
Created: 03/Feb/22  Updated: 28/Oct/23  Resolved: 09/Feb/22

Status: Closed
Project: C Driver
Component/s: libmongoc, tls
Affects Version/s: 1.20.1
Fix Version/s: 1.22.0, 1.22.0-beta0

Type: Task
Priority: Minor - P4
Reporter: Jeremy Mikola
Assignee: Ezra Chung
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to PHPC-2047 Update load balancer tests to support... Closed

 Description   

This came up in this patch build for PHPC-2047.

In that patch build, I neglected to specify the correct mongo orchestration config, so a sharded cluster (with SSL) was launched with two mongos servers listening on ports 27017 and 27018. The load balancer on port 8000 was proxying a single mongos on port 27050 (which did not actually exist).

The connection string was: mongodb://127.0.0.1:8000/?loadBalanced=true&ssl=true&sslallowinvalidcertificates=true

Most tests in the patch build were skipped due to the following error:

Could not establish stream for node 127.0.0.1:8000: [TLS handshake failed: error:00000000:lib(0):func(0):reason(0) calling hello on '127.0.0.1:8000']

openssl/openssl#1272 suggests that "error:00000000:lib(0):func(0):reason(0)" indicates that there is no OpenSSL error to report. Looking at the format of that error message, I believe this topology scanner error message originates from this line in _mongoc_stream_tls_openssl_handshake when _mongoc_stream_tls_openssl_cert_verify_failed returns false.

I imagine some error is to be expected here, since the server is clearly inaccessible and cannot complete a handshake, but it seems odd that libmongoc would report an empty OpenSSL error.



 Comments   
Comment by Githook User [ 09/Feb/22 ]

Author: Ezra Chung (eramongodb) <88335979+eramongodb@users.noreply.github.com>

Message: CDRIVER-4284 Avoid empty OpenSSL error condition on handshake failure (#943)

  • Add conditions to handle lack of error info by OpenSSL library
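
One way to keep the all-zero placeholder described in this issue out of a handshake error, plus a check for spotting it in existing logs. This is an added example, not libmongoc code and not the change made in #943. The function and enum names are hypothetical, and the inputs are assumed to be the values of ERR_peek_error(), ERR_error_string_n() and errno read right after the handshake fails.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names. Inputs are assumed to come from ERR_peek_error(),
 * ERR_error_string_n() and errno, read right after the handshake failed. */
typedef enum {
   HS_FROM_OPENSSL, /* the OpenSSL error queue had an entry */
   HS_FROM_ERRNO,   /* queue empty, the OS reported a socket error */
   HS_NO_DETAIL     /* queue empty and errno == 0 */
} hs_source_t;

/* Build the message without ever printing the all-zero placeholder. */
hs_source_t
handshake_failure_message (unsigned long queued_err, const char *openssl_text,
                           int sys_errno, char *out, size_t out_len)
{
   if (queued_err != 0 && openssl_text != NULL) {
      snprintf (out, out_len, "TLS handshake failed: %s", openssl_text);
      return HS_FROM_OPENSSL;
   }
   if (sys_errno != 0) {
      snprintf (out, out_len, "TLS handshake failed: %s", strerror (sys_errno));
      return HS_FROM_ERRNO;
   }
   snprintf (out, out_len, "TLS handshake failed: no error detail from "
             "OpenSSL or the OS (the peer may have closed the connection)");
   return HS_NO_DETAIL;
}

/* Log triage: returns 1 when msg holds an OpenSSL "error:<8 hex digits>:"
 * field whose code is zero, meaning the error queue was empty. */
int
has_empty_openssl_error (const char *msg)
{
   const char *p = strstr (msg, "error:");
   char *end;
   unsigned long code;

   if (p == NULL) {
      return 0;
   }
   code = strtoul (p + 6, &end, 16);
   return end == p + 14 && *end == ':' && code == 0;
}
```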