- Type: Improvement
- Resolution: Unresolved
- Priority: Minor - P4
- Affects Version/s: None
- Component/s: Dev Exp
I got this error with my self-signed SSL deployment, after requesting insecure TLS:
D, 2019-02-17T22:08:22.520346 #29797 DEBUG – : MONGODB | Error running ismaster on localhost:27400: SSL_CTX_use_certificate: ca md too weak
URI used:
CLIENT_DEBUG=1 MONGODB_URI=mongodb://localhost:27400/?rxeplicaSet=ruby-driver-rs'&ssl=true&tlsInsecure=true' bs spec/mongo/socket/ssl_spec.rb
The reason for this error is that OpenSSL rejected the attempt to add the client's certificate for the server to the client configuration. This happened before anything was sent over the network, and has nothing to do with server configuration. Yet the error as reported is indistinguishable from, say, the server rejecting the client's certificate or the client rejecting the server's certificate.
The driver should report pre-I/O client configuration errors in a way that makes it clear that those have to do with client configuration.
- related to PHPC-1180 Fix peer certificate verification errors for SSL clusters (Closed)
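The separation requested in the description, as an added Ruby sketch that is not the driver's code: the context is set up in its own step so that a local rejection is reported apart from a handshake failure. The error classes, method names and sample certificate are hypothetical, and the test failure is a constructed key/certificate mismatch rather than the ticket's "ca md too weak".

```ruby
require "openssl"

# Hypothetical error classes (not the driver's) that keep the two phases apart.
class ClientTLSConfigError < StandardError; end
class TLSHandshakeError < StandardError; end

# Constructed sample material: a throwaway self-signed certificate.
def self_signed_cert(key, cn = "example-client")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Phase 1: local configuration only. SSLContext#setup is where OpenSSL loads
# the certificate and key (SSL_CTX_use_certificate and related calls), so a
# failure here happened before any socket existed.
def build_client_context(cert:, key:)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  ctx.setup # force the OpenSSL calls now instead of inside SSLSocket.new
  ctx
rescue OpenSSL::OpenSSLError => e
  raise ClientTLSConfigError,
        "client TLS configuration rejected locally, before any network I/O: #{e.message}"
end

# Phase 2: network I/O. Only errors raised here can involve the peer.
def tls_connect(tcp_socket, ctx)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
  ssl.connect
  ssl
rescue OpenSSL::SSL::SSLError => e
  raise TLSHandshakeError, "TLS handshake with peer failed: #{e.message}"
end
```
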