[COMPASS-2207] Compass should provide the same set of SSL-related options as mongo shell Created: 31/Aug/16  Updated: 27/Sep/19  Resolved: 27/Sep/19

Status: Closed
Project: Compass
Component/s: Compass
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Dmitry Ryabtsev Assignee: Unassigned
Resolution: Incomplete Votes: 2
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Epic Link: INT-436

 Description   

At present (judging by the 1.3beta) Compass does not provide the same set of SSL-related options as mongo shell. For instance:

  • There is no way to specify CRL ("--sslCRLFile" in shell)
  • There is no way to disable hostname validation ("--sslAllowInvalidHostnames")
  • No analogue of "--sslAllowInvalidCertificates" - note it's not the same as "Unvalidated" SSL connection. That option (in combination with others) allows the client (e.g. shell) to present it's own certificate to the server, even if we accept that validation of the server's certificate can fail. The "Unvalidated" option does not allow client to present its certificate.

Essentially, without these options the amount of SSL-related use cases supported by Compass is less than the amount of use cases supported by the shell.

FWIW Even Robomongo does more than Compass: http://blog.robomongo.org/robomongo-rc10/



 Comments   
Comment by Massimiliano Marcon [ 27/Sep/19 ]

Closing this issue in JIRA. It's been moved to the new, unified feedback engine at https://feedback.mongodb.com/forums/924283-compass.

We are looking for input to decide how to prioritize it, so go there, look for the suggestion, vote and leave comments. If you don't find it, feel free to create a new one.

Comment by Sam Weaver [ 01/Feb/18 ]

Anything outstanding will be addressed in Connect V2 work upcoming next q.

Comment by Peter Schmidt [ 21/Oct/17 ]

Closing as Wont Fix.

Compass tickets should be raised in or migrated to the [COMPASS|jira.mongodb.org/browse/COMPASS] JIRA project.

Comment by Jason Mimick (Inactive) [ 26/Apr/17 ]

+1 on supporting less used SSL options.

For example, I need to spin up demo clusters, bi-connectors, and other such stuff for trainings and consultations.
I would like to show customers how all our tools work seamlessly with auth, ssl, ldap, etc.

Right now - I can't use Compass with --sslAllowInvalidHostnames, so double vote up to at least support that kind of option.

Comment by Dmitry Ryabtsev [ 11/Feb/17 ]

Can somebody please explain to me why this ticket was closed as "Gone Away"? As far as I can tell the situation is still the same with Compass 1.5.1 - there is no way to disable hostname validation, Unvalidated mode for SSL does not allow specifying a client's certificate etc.

And to add a bit more, I've got another ticket from a CS customer who claims that they can connect with SSL enabled using RoboMongo but not with Compass – that again because hostname validation cannot be disabled in Compass.

Comment by Matt Kangas [ 31/Aug/16 ]

Hi dmitry.ryabtsev, thank you for the feedback! It is true that some use-cases supported by the shell are not supported currently by Compass. I have linked known related issues to this ticket.

Generated at Wed Feb 07 22:29:20 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.