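I am successfully using mongoc 1.2.0, and I am now trying to add SSL-enabled connections in two modes:

  1. Only require SSL, with no certificate checking
  2. Supply a certificate and verify it, including the hostname

For 1 I get a segmentation fault: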

#0 0x00002ac83368e3c8 in ssl23_connect () from libarepbase.so
#1 0x00002ac83aedb8fc in ?? () from /usr/lib64/libssl.so.10
#2 0x00002ac83ac78423 in mongoc_stream_tls_do_handshake () from libmongoc-1.0.so.0
#3 0x00002ac83ac527f3 in mongoc_async_cmd_tls_setup () from libmongoc-1.0.so.0
#4 0x00002ac83ac5226c in _mongoc_async_cmd_phase_setup () from libmongoc-1.0.so.0
#5 0x00002ac83ac5241d in mongoc_async_cmd_run () from libmongoc-1.0.so.0
#6 0x00002ac83ac51dbc in mongoc_async_run () from libmongoc-1.0.so.0
#7 0x00002ac83ac6f47c in mongoc_topology_scanner_work () from libmongoc-1.0.so.0
#8 0x00002ac83ac6d4d8 in _mongoc_topology_run_scanner () from libmongoc-1.0.so.0
#9 0x00002ac83ac6d5f4 in mongoc_topology_select () from libmongoc-1.0.so.0
#10 0x00002ac83ac59351 in mongoc_cluster_select_by_optype () from libmongoc-1.0.so.0
#11 0x00002ac83ac5e126 in _mongoc_cursor_next () from libmongoc-1.0.so.0
#12 0x00002ac83ac5e635 in mongoc_cursor_next () from libmongoc-1.0.so.0
#13 0x00002ac83ac54e19 in _mongoc_client_command_simple_with_hint () from libmongoc-1.0.so.0
#14 0x00002ac83ac54eeb in mongoc_client_command_simple () from libmongoc-1.0.so.0
#15 0x00002ac83a80d983 in mongodb_new_client () from libarepmongodb.so

For 2 I get: No suitable servers found ('serverselectiontryonce' set) and error code: 120414

The server configuration is:

net:
    ssl:
        mode: requireSSL                            
        PEMKeyFile: /etc/mongodb-ssl.pem

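and the certificate has the correct hostname (server CN). The code looks somewhat like this, with ssl=true in the URL that starts the client, and for mode 1 the line that updates pem_file is not executed: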

mongoc_ssl_opt_t ssl_opts = *mongoc_ssl_opt_get_default();
ssl_opts.weak_cert_validation = TRUE;
ssl_opts.pem_file = "path to pem here";
mongoc_client_set_ssl_opts(client, &ssl_opts);
bool ret = FALSE;
bson_t cmd = BSON_INITIALIZER;
bson_t reply;

BSON_APPEND_INT32 (&cmd, "buildInfo", 1);

ret = mongoc_client_command_simple (client, "admin", &cmd, NULL, &reply, error);

When I run: /mongo host/admin -u user -p pass --ssl --sslAllowInvalidCertificates I can log in, but I see: 2017-03-28T18:14:36.149+0300 W NETWORK [thread1] SSL peer certificate validation failed: self signed certificate but I guess this is because I am using a self-signed certificate, and ssl_opts.weak_cert_validation = TRUE should handle it?
