Uploaded image for project: 'Ruby Driver'
  1. Ruby Driver
  2. RUBY-1722

Distinguish client configuration TLS errors from network ones

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: Dev Exp
    • None

      I got this error with my self-signed ssl deployment, after requesting insecure TLS:

      D, 2019-02-17T22:08:22.520346 #29797 DEBUG – : MONGODB | Error running ismaster on localhost:27400: SSL_CTX_use_certificate: ca md too weak

      URI used:

      CLIENT_DEBUG=1 MONGODB_URI=mongodb://localhost:27400/?rxeplicaSet=ruby-driver-rs'&ssl=true&tlsInsecure=true' bs spec/mongo/socket/ssl_spec.rb

      The reason for this error is that openssl rejected the attempt to add the client's certificate for the server to the client configuration. This happened before anything was sent over the network, and has nothing to do with server configuration. Yet the error as reported is indistinguishable from, say, the server rejecting the client's certificate or the client rejecting the server's certificate.

      The driver should report pre-i/o client configuration errors in a way that makes it clear that those have to do with client configuration.

            Assignee:
            Unassigned Unassigned
            Reporter:
            oleg.pudeyev@mongodb.com Oleg Pudeyev (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: