[CDRIVER-948] TLS / SSL connections fail in pooled mode Created: 20/Oct/15 Updated: 08/May/17 Resolved: 22/Oct/15 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc, tls |
| Affects Version/s: | 1.2.0 |
| Fix Version/s: | 1.2.1 |
| Type: | Bug | Priority: | Blocker - P1 |
| Reporter: | A. Jesse Jiryu Davis | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Description |
|
Client operations over SSL will always fail in version 1.2.0 if the client is from a mongoc_pool_t. Beginning in 1.2.0, clients from a pool all share a set of sockets for server monitoring, but use distinct per-client sockets for application operations (such as queries, writes, etc.). When the pool creates sockets for monitoring, it begins a non-blocking connect on each and uses "poll" to wait asynchronously for all of them to finish connecting. When an individual client creates a socket for application operations, the client connects the socket synchronously. In the process of a series of refactorings (mainly related to This allowed a bug to slip through: the new mongoc_stream_wait calls mongoc_stream_poll on a buffered TLS stream, but buffered TLS streams don't implement "poll". So mongoc_stream_poll always errors ("invalid argument", EINVAL) and the connection is considered failed. Symptom: a "find" and "mongoc_cursor_next" operation with a pooled client and SSL enabled fails, with the error, "Cursor Failure: Failed to connect to target host". |
| Comments |
| Comment by Githook User [ 22/Oct/15 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch 'r1.2'
|
| Comment by Githook User [ 22/Oct/15 ] |
|
Author: {u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}Message: Merge branch 'r1.2'
|
| Comment by Githook User [ 22/Oct/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: Although the previous commit removes the need for this, it's a bug |
| Comment by Githook User [ 22/Oct/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: Not needed: mongoc_cluster_fetch_stream_pooled ultimately calls Calling mongoc_stream_wait in pooled mode with SSL failed with EINVAL: |
| Comment by Githook User [ 22/Oct/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: Although the previous commit removes the need for this, it's a bug |
| Comment by Githook User [ 22/Oct/15 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: Not needed: mongoc_cluster_fetch_stream_pooled ultimately calls Calling mongoc_stream_wait in pooled mode with SSL failed with EINVAL: |