Mongocxx无法使用SSL连接到mongoDB [英] Mongocxx fails to connect to mongoDB with SSL

问题描述

我完成了以下教程( https://medium.com/@rajanmaharjan/secure-your-mongodb-connections-ssl-tls-92e2addb3c89 )来设置自签名SSL证书，以保护设备与托管mongoDB数据库的服务器之间的通信.

I completed the following tutorial (https://medium.com/@rajanmaharjan/secure-your-mongodb-connections-ssl-tls-92e2addb3c89) to set up self-signed SSL certificates to secure communications between a device and a server hosting a mongoDB database.

我可以使用以下命令从服务器和设备访问数据库:

I can access the database from the server and from the device with the following command:

mongo --ssl --sslCAFile /path/to/CA.pem --sslPEMKeyFile /path/to/mongodb.pem --host IP:port

当我尝试使用C ++程序连接到数据库时，出现段错误:

When I try to connect to the database with a C++ program, I get a seg fault:

Segmentation fault (core dumped)

GDB的输出是

Program received signal SIGSEGV, Segmentation fault. 0x0000007fb7f6d6a8 in mongocxx::v_noabi::client::client(mongocxx::v_noabi::uri const&, mongocxx::v_noabi::options::client const&) () from /usr/local/lib/libmongocxx.so._noabi

Program received signal SIGSEGV, Segmentation fault. 0x0000007fb7f6d6a8 in mongocxx::v_noabi::client::client(mongocxx::v_noabi::uri const&, mongocxx::v_noabi::options::client const&) () from /usr/local/lib/libmongocxx.so._noabi

我通过以下方式实例化连接:

I instanciate the connection with:

mongocxx::instance instance{};

mongocxx::options::ssl ssl_opts;
ssl_opts.pem_file("/path/to/mongodb.pem");
// ssl_opts.allow_invalid_certificates(false); // I have tried this

mongocxx::options::client client_opts;
client_opts.ssl_opts(ssl_opts);

auto client = mongocxx::client{mongocxx::uri{"mongodb://user:pwd@IP:port/?authMechanism=MONGODB-X509&ssl=true"}, client_opts};

并使用以下命令进行编译:

And compile with the following command:

c++ --std=c++11 main.cpp $(pkg-config --cflags --libs libmongocxx) -Wl,-rpath,/usr/local/lib

我无法解决此错误或无法在线找到解决方案，我们将不胜感激.

I have not been able to fix this error or find a solution online, any help would be much appreciated.

版本:

Mongo c-1.10.1

Mongo c - 1.10.1

Mongo cxx-3.3.0

Mongo cxx - 3.3.0

回溯:

(gdb) thread apply all bt

Thread 1 (Thread 0x7fb7ff4000 (LWP 17800)):
#0  0x0000007fb7f6d6a8 in 
mongocxx::v_noabi::client::client(mongocxx::v_noabi::uri const&, 
mongocxx::v_noabi::options::client const&) () from 
/usr/local/lib/libmongocxx.so._noabi
#1  0x00000000004027d0 in main ()

推荐答案

存在一个已知的严重错误，并将options::ssl_opts传递给C ++驱动程序版本3.3.0中的客户端构造函数，从而导致segfault.此问题已在3.3.1中修复.强烈建议您升级.

There's a known serious bug with passing options::ssl_opts to the client constructor in the C++ driver version 3.3.0 causing the segfault. This is fixed in 3.3.1. It is highly recommended that you upgrade.

作为3.3.0的解决方法，您可以通过URI字符串传递pem_file选项. URI选项"sslclientcertificatekeyfile"对应于options::ssl::pem_file选项.例如:

As a workaround for 3.3.0, you can pass the pem_file option through the URI string. The URI option "sslclientcertificatekeyfile" corresponds to the options::ssl::pem_file option. E.g:

auto uri = mongocxx::uri{"mongodb://localhost/?ssl=true&sslclientcertificatekeyfile=/path/to/mongodb.pem"};

但是请尽可能升级到3.3.1.

But do upgrade to 3.3.1 if possible.

这篇关于Mongocxx无法使用SSL连接到mongoDB的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！