- Type: Bug
- Resolution: Duplicate
- Priority: Blocker - P1
- Affects Version/s: None
- Component/s: libmongoc
When attempting to use client-side field level encryption by means of an AWS KMS, I run into the error:
TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
The Enterprise MongoDB server I am connecting to is version 5.0.3 and does not require an SSL configuration in the connection.
I have tracked my error down to an inability to set the CA file for the SSL connection to the AWS KMS. In the file "mongo-c-driver-1.19.0/src/libmongoc/src/mongoc/mongoc-crypt.c" there is a _get_stream function whose variable ssl_opts of the type mongoc_ssl_opt_t is filled in with NULL values through the function mongoc_ssl_opt_get_default. I was able to resolve my issue and load and unload encrypted fields successfully by compiling a version of the C driver in which I used _mongoc_getenv to pass in a string that I assigned to the ca_file value of ssl_opts.
If there is a manner of configuring this SSL connection, I have not found the documentation for it nor a code path that assigns values given by the user.
- duplicates: CDRIVER-4206 Support KMIP provider (Closed)
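The workaround in the report turns an environment variable into the trust anchor for the KMS TLS connection, so the path deserves checking before it is assigned to `ca_file`. The following is an added example, not libmongoc code and not the reporter's patch; `kms_ssl_opts_t`, the variable name `KMS_CA_FILE` and the function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical stand-in for the one mongoc_ssl_opt_t field the report touches. */
typedef struct { const char *ca_file; } kms_ssl_opts_t;

enum ca_status { CA_OK = 0, CA_UNSET, CA_NOT_ABSOLUTE, CA_NOT_REGULAR,
                 CA_WORLD_WRITABLE, CA_NOT_PEM };

/* Check a CA bundle path before it is trusted as a TLS trust anchor. */
enum ca_status check_ca_path(const char *path)
{
    struct stat st;
    char line[256];
    FILE *f;
    enum ca_status rc = CA_NOT_PEM;

    if (!path || !*path) return CA_UNSET;
    if (path[0] != '/') return CA_NOT_ABSOLUTE;          /* no cwd-relative lookup */
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return CA_NOT_REGULAR;
    if (st.st_mode & S_IWOTH) return CA_WORLD_WRITABLE;  /* any user could swap roots */
    if (!(f = fopen(path, "r"))) return CA_NOT_REGULAR;
    while (fgets(line, sizeof line, f))                  /* need at least one PEM cert */
        if (strncmp(line, "-----BEGIN CERTIFICATE-----", 27) == 0) { rc = CA_OK; break; }
    fclose(f);
    return rc;
}

/* Fill opts->ca_file from the environment; on any failure the defaults stay
   untouched, so certificate verification is never weakened by a bad value. */
enum ca_status kms_opts_from_env(kms_ssl_opts_t *opts, const char *var)
{
    const char *path = getenv(var);
    enum ca_status rc = check_ca_path(path);
    if (rc == CA_OK) opts->ca_file = path;
    return rc;
}

int main(void)
{
    kms_ssl_opts_t opts = { NULL };   /* the NULL default the report describes */
    enum ca_status rc = kms_opts_from_env(&opts, "KMS_CA_FILE"); /* hypothetical name */
    printf("status=%d ca_file=%s\n", rc, opts.ca_file ? opts.ca_file : "(default)");
    return (rc == CA_OK || rc == CA_UNSET) ? 0 : 1;
}
```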