<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:20:17 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-4219] AWS KMS SSL connection is not configurable</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-4219</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;When attempting to use client-side field level encryption by means of an AWS KMS, I run into the error:&#160;&lt;br/&gt;
TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed&lt;/p&gt;

&lt;p&gt;The Enterprise MongoDB server I am connecting to is version 5.0.3 and does not require an SSL configuration in the connection.&#160;&lt;/p&gt;

&lt;p&gt;I have tracked my error down to an inability to set the CA file for the SSL connection to the AWS KMS. In the file&#160;&quot;mongo-c-driver-1.19.0/src/libmongoc/src/mongoc/mongoc-crypt.c&quot; there is a _get_stream function whose variable ssl_opts of the type mongoc_ssl_opt_t is filled in with NULL values through the function mongoc_ssl_opt_get_default. I was able to resolve my issue and load and unload encrypted fields successfully by compiling a version of the C driver in which I used _mongoc_getenv to pass in a string that I assigned to the ca_file value of ssl_opts.&#160;&lt;/p&gt;

&lt;p&gt;If there is a manner of configuring this SSL connection, I have not found the documentation for it nor a code path that assigns values given by the user.&#160;&lt;/p&gt;

</description>
                <environment></environment>
        <key id="1919587">CDRIVER-4219</key>
            <summary>AWS KMS SSL connection is not configurable</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="1" iconUrl="https://jira.mongodb.org/images/icons/priorities/blocker.svg">Blocker - P1</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="mpiazza@abinitio.com">Matthew Piazza</reporter>
                        <labels>
                    </labels>
                <created>Fri, 5 Nov 2021 20:31:41 +0000</created>
                <updated>Mon, 15 Nov 2021 02:36:46 +0000</updated>
                            <resolved>Mon, 15 Nov 2021 02:36:24 +0000</resolved>
                                                                    <component>libmongoc</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="4187752" author="kevin.albertson" created="Mon, 15 Nov 2021 02:36:24 +0000"  >&lt;p&gt;This is resolved by &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4206&quot; title=&quot;Support KMIP provider&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4206&quot;&gt;&lt;del&gt;CDRIVER-4206&lt;/del&gt;&lt;/a&gt;. It enables configuring &lt;tt&gt;tlsCAFile&lt;/tt&gt;, &lt;tt&gt;tlsCertificateKeyFile&lt;/tt&gt;, and &lt;tt&gt;tlsCertificateKeyFilePassword&lt;/tt&gt; with the new functions &lt;tt&gt;mongoc_auto_encryption_opts_set_tls_opts&lt;/tt&gt; and &lt;tt&gt;mongoc_client_encryption_opts_set_tls_opts&lt;/tt&gt;. It will be part of the C 1.20.0 release. The tentative ETA is Nov 16.&lt;/p&gt;</comment>
                            <comment id="4173603" author="kevin.albertson" created="Sun, 7 Nov 2021 18:05:32 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=mpiazza%40abinitio.com&quot; class=&quot;user-hover&quot; rel=&quot;mpiazza@abinitio.com&quot;&gt;mpiazza@abinitio.com&lt;/a&gt;, thank you for the feature request. Configuring TLS options for KMS providers is being added in &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4206&quot; title=&quot;Support KMIP provider&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4206&quot;&gt;&lt;del&gt;CDRIVER-4206&lt;/del&gt;&lt;/a&gt;. That will make it possible to configure an equivalent of the &lt;tt&gt;ca_file&lt;/tt&gt; option on TLS connections made to AWS KMS.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;If there is a manner of configuring this SSL connection, I have not found the documentation for it nor a code path that assigns values given by the user.&#160;&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;That is correct. There is no way to configure TLS connections for KMS providers currently. The default options from &lt;tt&gt;mongoc_ssl_opt_get_default&lt;/tt&gt; are currently used.&lt;/p&gt;

&lt;p&gt;In the meantime, a possible workaround may be to install the necessary CA certificate system-wide.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="1910139">CDRIVER-4206</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K00000zCFOvQAO]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hzst4v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>