[CXX-2388] tls=true fails Created: 13/Oct/21 Updated: 27/Oct/23 Resolved: 13/Dec/21 |
|
| Status: | Closed |
| Project: | C++ Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Vlad Rachev (Inactive) | Assignee: | Kevin Albertson |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Hello, I ran into an issue where setting tls=true in the connection string is erroring, but using ssl=true with no other changes succeeds. According to the docs these should be identical. In the failing case, the connection string is:
and logs:
In the successful case, the connection string is:
As seen, the tls=true and ssl=true are the only changes. |
| Comments |
| Comment by PM Bot [ 13/Dec/21 ] | ||||||||||||||||
|
There hasn't been any recent activity on this ticket, so we're resolving it. Thanks for reaching out! Please feel free to comment on this if you're able to provide more information. | ||||||||||||||||
| Comment by Kevin Albertson [ 26/Nov/21 ] | ||||||||||||||||
|
Hi vlad.rachev, apologies for the slow response. I was not able to repro with an isolated example in the C++ driver. The repro attempt is here. The repro starts mongod with --tlsMode requireTLS and is able to connect with TLS using URIs with both ssl=true and tls=true. A "certificate verify failed" error is an indication that the tlsCAFile (or the equivalent sslCertificateAuthorityFile) is not configured. The "ssl=true" URI does not appear to configure TLS options in Genny. Here is the log output of a dry-run with a URI containing tls=true. It logs "Adding tls options to pool...":
Here is the output of a dry-run with a URI containing ssl=true. It does not log "Adding tls options to pool...":
I believe adding a check for "ssl" here should make the behavior consistent. | ||||||||||||||||
| Comment by Vlad Rachev (Inactive) [ 26/Oct/21 ] | ||||||||||||||||
|
1.17.0 according to https://github.com/10gen/vcpkg/blob/master/ports/libmongoc/CONTROL. Btw I should've mentioned that this isn't a priority for me, just something I noticed and wasn't sure if it was known. | ||||||||||||||||
| Comment by Kevin Albertson [ 18/Oct/21 ] | ||||||||||||||||
|
vlad.rachev which version of the C driver are you using? Support for the tls options was added in the C driver in | ||||||||||||||||
| Comment by Vlad Rachev (Inactive) [ 13/Oct/21 ] | ||||||||||||||||
|
If it helps we're on 3.6.0. |