[SERVER-14256] Connection issue to Mongodb SSL using mono in mac Created: 14/Jun/14  Updated: 10/Dec/14  Resolved: 18/Jun/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.6.1
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Vibhu Kasrija Assignee: Ramon Fernandez Marina
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

MongoDB 2.6.1, Mac Osx


Attachments: File Vibhu_key.ppk     File vibhu.crt     File vibhu.key     File vibhu.pfx    
Participants:

 Description   

I have setup MongoDB SSL on my test machine on mac. now I am able to connect to mongo shell using ca file.

I have created a client certificate using same CA and now trying to connect to my application using that .pfx file on mac using mono. below is the code I am suing for connection to MongoDB.

mongoSettings.UseSsl = connectionInfo.EnableSSL; 
mongoSettings.SslSettings = new SslSettings(); 
mongoSettings.SslSettings.EnabledSslProtocols = System.Security.Authentication.SslProtocols.Default;
mongoSettings.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
            try
            {
                if (connectionInfo.VerifyClientCertificate)
                {
 
                    certFile = DeadlineConfig.GetCertFilePath();
                    string password = DeadlineConfig.GetSSLPassword();
 
                    if (certFile == null || certFile == "")
                    {
                        certFile = connectionInfo.CertFile;
                        password = connectionInfo.SSLPassword;
                    }
 
                    password = password.Replace("\n", String.Empty);
                    password = password.Replace("\r", String.Empty);
                    password = password.Replace("\t", String.Empty);
                    password = password.Trim();
 
 
                    System.Security.Cryptography.X509Certificates.X509Certificate cert = new System.Security.Cryptography.X509Certificates.X509Certificate(certFile, password,     System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.DefaultKeySet);
                    mongoSettings.SslSettings.ClientCertificates = new List<System.Security.Cryptography.X509Certificates.X509Certificate>() { cert };
                    mongoSettings.SslSettings.ClientCertificateSelectionCallback = (sender, host, certificates, certificate, issuers) => mongoSettings.SslSettings.ClientCertificates.ToList()[0];
 
                }
 
            }

It fails with error - Unable to connect to server : The authentication or decryption has failed.

Please anyone could look into this.



 Comments   
Comment by Ramon Fernandez Marina [ 18/Jun/14 ]

Without logs it's extremely hard to diagnose this issue. Since I don't see any evidence of a bug in the server I'm going to mark this issue as resolved.

I'd recommend you post your question on the mongodb-users group or Stack Overflow with the mongodb tag. A question like this involving more discussion would be best posted on the mongodb-users group, as the SERVER project is for reporting bugs and new features in the MongoDB server.

Comment by Vibhu Kasrija [ 17/Jun/14 ]

Below is the error stack:

An error occurred while trying to connect to the Database (192.168.2.136:27025). It is possible that the Mongo Database server is incorrectly configured, currently offline, blocked by a firewall, or experiencing network issues.
Full error: at MongoDB.Driver.Internal.DirectMongoServerProxy.Connect (TimeSpan timeout, MongoDB.Driver.ReadPreference readPreference) [0x00000] in <filename unknown>:0
at MongoDB.Driver.Internal.DirectMongoServerProxy.ChooseServerInstance (MongoDB.Driver.ReadPreference readPreference) [0x00000] in <filename unknown>:0
at MongoDB.Driver.MongoServer.AcquireConnection (MongoDB.Driver.ReadPreference readPreference) [0x00000] in <filename unknown>:0
at MongoDB.Driver.MongoDatabase.RunCommandAs[CommandResult] (IMongoCommand command, IBsonSerializer resultSerializer, IBsonSerializationOptions resultSerializationOptions) [0x00000] in <filename unknown>:0
at MongoDB.Driver.MongoDatabase.RunCommandAs[CommandResult] (IMongoCommand command) [0x00000] in <filename unknown>:0
at MongoDB.Driver.MongoDatabase.RunCommandAs[CommandResult] (System.String commandName) [0x00000] in <filename unknown>:0
at MongoDB.Driver.MongoDatabase.RunCommand (System.String commandName) [0x00000] in <filename unknown>:0
at MongoDB.Driver.MongoServer.GetDatabaseNames () [0x00000] in <filename unknown>:0
at Deadline.StorageDB.MongoDB.MongoDBUtils.SetUpDeadlineDB (Deadline.StorageDB.ConnectionInfo connectionInfo) [0x00000] in <filename unknown>:0

This is not making any connection with the database so nothing in the MongoDB log.

I have attached certificates as well. This is basically issue when I am connecting to MongoDB via mono on mac.

I have added key and certificate both to the mono store.

Thanks!

Comment by Ramon Fernandez Marina [ 16/Jun/14 ]

We'll need more information to determine if this is a bug in the server or not. Can you please post the server logs during these authentication failures? Also, can you post the certificates you're using?

Generated at Thu Feb 08 03:34:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.