A behavior change, but worth it: right now, including "ssl=true" in the URI means the driver connects to the server with SSL. Calling mongoc_client_set_ssl_opts without "ssl=true" does not; the driver still uses a plain-text connection.
Calling mongoc_client_set_ssl_opts should be synonymous with imply "ssl=true".
Already fixed in 1.2 for single-threaded clients, since mongoc_client_set_ssl_opts calls mongoc_topology_scanner_set_ssl_opts. Thus all scanner-node streams are SSL, and the client shares its streams with the scanner nodes.
Not yet fixed for pooled clients, however. In fact, a pooled client on which you call mongoc_client_set_ssl_opts but don't include "ssl=true" won't work because (I expect) it will use SSL for scanner-node connections on its scanner thread, but plain-text connections for the clients.
To complete this ticket, fix pooled client behavior when "ssl=true" is omitted but mongoc_client_set_ssl_opts is called.
- is depended on by
-
CDRIVER-933 mongoc_ssl_opt_get_default changed in 1.2.0
-
- Closed
-
- is related to
-
-
- Closed
-
- related to
-
CDRIVER-970 Prohibit creating client or pool with "ssl=true" if not build with SSL
-
- Closed
-