Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-841

Improve SSL connection error messages

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.4.0
    • Affects Version/s: None
    • Component/s: libmongoc, tls

      Take for example the following mongo invocation (with .pem files taken out of phongo's test suite, talking to the phongo vm created servers).

      mongo 192.168.112.10:2100 -ssl -sslPEMKeyFile=client.pem -sslCAFile ca.pem  --sslPEMKeyPassword "Very secretive client.pem passphrase"
      

      This produces:

      2015-09-15T14:44:47.727+0100 E NETWORK  The server certificate does not match the host name 192.168.112.10
      2015-09-15T14:44:47.729+0100 E QUERY    Error: socket exception [CONNECT_ERROR] for 
      

      Using the C driver directly:

      #include <bson.h>
      #include <mongoc.h>
      
      int main (int   argc, char *argv[])
      {
          mongoc_client_t *client;
          bson_t bson;
          bson_error_t error;
          mongoc_ssl_opt_t ssl_opts = { "client.pem", "Very secretive client.pem passphrase", "ca.pem", ".", "crl.pem", false };
      
          mongoc_init();
      
          /* Create our MongoDB Client */
          client = mongoc_client_new("mongodb://192.168.112.10:2100/?ssl=true");
          mongoc_client_set_ssl_opts(client, &ssl_opts);
         
          /* do something with client ... */
          if (!mongoc_client_get_server_status(client, NULL, &bson, &error)) {
              printf("error: %s\n", error.message);
          }
         
          mongoc_client_destroy(client);
          mongoc_cleanup();
      
          return 0;
      }
      

      Currently, just like with any other connection failure, the driver just returns "error: No suitable servers found".

      It does not tell me there was an error with SSL connection in general, and certainly not that it was because of a wrong name.

      Please add more specific error messages for SSL connections, including, but not limited to:

      • The server that you're trying to talk to, does not have SSL turned on (but you connected to it with SSL).
      • The server that you're trying to talk to, does have SSL turned on (but you didn't set the option)
      • The server certificate does not match the hostname "192.168.112.10"
      • The server certificate didn't match with the client certificate
      • The certificate has been revoked.
      • Etc.

      (it would also be helpful, if these same things showed up in the normal log that the server produces)

            Assignee:
            bjori Hannes Magnusson
            Reporter:
            derick Derick Rethans
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: