Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-935

mongoc_client_set_ssl_opts should require SSL

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.2.1, 1.3.0-rc0
    • Affects Version/s: 1.2.0
    • Component/s: libmongoc, tls
    • None

      A behavior change, but worth it: right now, including "ssl=true" in the URI means the driver connects to the server with SSL. Calling mongoc_client_set_ssl_opts without "ssl=true" does not; the driver still uses a plain-text connection.

      Calling mongoc_client_set_ssl_opts should be synonymous with imply "ssl=true".

      Already fixed in 1.2 for single-threaded clients, since mongoc_client_set_ssl_opts calls mongoc_topology_scanner_set_ssl_opts. Thus all scanner-node streams are SSL, and the client shares its streams with the scanner nodes.

      Not yet fixed for pooled clients, however. In fact, a pooled client on which you call mongoc_client_set_ssl_opts but don't include "ssl=true" won't work because (I expect) it will use SSL for scanner-node connections on its scanner thread, but plain-text connections for the clients.

      To complete this ticket, fix pooled client behavior when "ssl=true" is omitted but mongoc_client_set_ssl_opts is called.

            Assignee:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: