[CDRIVER-935] mongoc_client_set_ssl_opts should require SSL Created: 14/Oct/15 Updated: 08/May/17 Resolved: 18/Nov/15 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc, tls |
| Affects Version/s: | 1.2.0 |
| Fix Version/s: | 1.2.1, 1.3.0-rc0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | A. Jesse Jiryu Davis | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Description |
|
A behavior change, but worth it: right now, including "ssl=true" in the URI means the driver connects to the server with SSL. Calling mongoc_client_set_ssl_opts without "ssl=true" does not; the driver still uses a plain-text connection. Calling mongoc_client_set_ssl_opts should be synonymous with imply "ssl=true". Already fixed in 1.2 for single-threaded clients, since mongoc_client_set_ssl_opts calls mongoc_topology_scanner_set_ssl_opts. Thus all scanner-node streams are SSL, and the client shares its streams with the scanner nodes. Not yet fixed for pooled clients, however. In fact, a pooled client on which you call mongoc_client_set_ssl_opts but don't include "ssl=true" won't work because (I expect) it will use SSL for scanner-node connections on its scanner thread, but plain-text connections for the clients. To complete this ticket, fix pooled client behavior when "ssl=true" is omitted but mongoc_client_set_ssl_opts is called. |
| Comments |
| Comment by A. Jesse Jiryu Davis [ 18/Nov/15 ] |
|
Merged into "master" from 1.2 branch. |
| Comment by Githook User [ 04/Nov/15 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch 'r1.2'
|
| Comment by Githook User [ 04/Nov/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: In 1.1.x, all clients (pooled and single-threaded) required an SSL Pooled clients, however, stopped working entirely if the options are |
| Comment by A. Jesse Jiryu Davis [ 30/Oct/15 ] |
|
This patch is now waiting to be merged into 1.3. |
| Comment by A. Jesse Jiryu Davis [ 29/Oct/15 ] |
|
Fixed in 1.2.1. |
| Comment by Githook User [ 29/Oct/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: In 1.1.x, all clients (pooled and single-threaded) required an SSL Pooled clients, however, stopped working entirely if the options are |
| Comment by A. Jesse Jiryu Davis [ 15/Oct/15 ] |
|
Update mongoc_client_default_stream_initiator: |