-
Type: Bug
-
Resolution: Fixed
-
Priority: Unknown
-
Affects Version/s: None
-
Component/s: Authentication
-
None
Summary
libmongoc and libmongocrypt have divergent KMS libraries (CDRIVER-4691). If the libraries are built statically (e.g. PHP driver with bundled sources) and libmongocrypt's KMS library is used, mongoc-cluster-aws.c will trigger an assert failure in kms_request_append_payload() (MONGOCRYPT-581). This breaks MONGODB-AWS authentication.
Independent of a fix in libmongocrypt to relax the assertion logic, libmongoc can work around this by explicitly calculating the payload length instead of passing -1.
Environment
Observed building the PHP driver with libmongoc 1.24.1 and libmongocrypt 1.8.1, but the issue goes back to libmongocrypt 1.7.0.
- is depended on by
-
PHPC-1895 Add native support for AWS IAM Roles for service accounts, EKS in particular
- Closed
- is related to
-
CDRIVER-4691 Sync KMS sources with libmongocrypt
- Closed
-
MONGOCRYPT-581 Allow passing negative len to kms_request_append_payload() for strlen() calculation
- Closed