[CSHARP-1927] The SSL connection example does not work Created: 28/Feb/17  Updated: 15/Nov/19  Resolved: 15/Nov/19

Status: Closed
Project: C# Driver
Component/s: Documentation
Affects Version/s: 2.4
Fix Version/s: 2.10.0

Type: Improvement Priority: Major - P3
Reporter: Kevin Adistambha Assignee: Vincent Kam (Inactive)
Resolution: Done Votes: 3
Labels: new-eng, neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

The C# driver docs has an example on how to connect using SSL in http://mongodb.github.io/mongo-csharp-driver/2.4/reference/driver/ssl/. The code in the page shows:

var cert = new X509Certificate2("client.pfx", "mySuperSecretPassword");
 
var settings = new MongoClientSettings
{
    SslSettings = new SslSettings
    {
        ClientCertificates = new[] { cert },
    },
    UseSsl = true
};

However I find the code doesn't work when trying to connect to a MongoDB server with requireSSL=true.

With some help from andrew.ryder I arrived at a working code:

var cert = new X509Certificate2("client.pfx", "secret");
 
var settings = new MongoClientSettings {
    Server = new MongoServerAddress("myserver.local", 27017),
    SslSettings = new SslSettings {
        ClientCertificates = certs,
        ClientCertificateSelectionCallback = delegate( object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers ) { return certs[0]; },
        ServerCertificateValidationCallback = delegate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors ) 
{ 
   return true; 
}
    },
    UseSsl = true,
};

There seems to be a series of requirements that are not explicit. In light of our push toward a more secure MongoDB deployment, in my opinion the SSL example should be explained more with a working code.



 Comments   
Comment by Vincent Kam (Inactive) [ 15/Nov/19 ]

Thank you nathan.contino  for creating the PR to update our documentation!  

 

Comment by Githook User [ 15/Nov/19 ]

Author:

{'username': 'nathan-contino-mongo', 'email': 'nathan.contino@mongodb.com', 'name': 'nathan-contino-mongo'}

Message: CSHARP-1927: Fix x.509 connection documentation
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/ee9f21e423ffb02e8c42c5c7192b352403800499

Comment by Vincent Kam (Inactive) [ 13/Nov/19 ]

See also: https://github.com/mongodb/mongo-csharp-driver/pull/390

Comment by Vincent Kam (Inactive) [ 07/Oct/19 ]

rosmith@assurecare.com It should be noted that the second snippet in the ticket should only be used in testing or for development, as the ServerCertificateValidationCallback as defined will accept ANY certificate, even if the certificate is invalid.

Comment by Robert Smith [ 24/Sep/19 ]

Thanks Kevin for reporting this. This was the last piece of the puzzle for me getting this to work. I hope the documentation gets updated soon.

Generated at Wed Feb 07 21:41:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.