Segmentation fault when not specifying a PEM file for SSL

Time: 2017-03-29 09:14:22

Tags: c mongodb openssl mongo-c-driver

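I'm successfully using mongoc 1.2.0, and I'm now trying to add SSL-enabled connections in two modes:

  1. Only require SSL, without certificate checking
  2. Provide a certificate and verify it, including the hostname

For 1 I get a segmentation fault: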

    #0 0x00002ac83368e3c8 in ssl23_connect () from libarepbase.so
    #1 0x00002ac83aedb8fc in ?? () from /usr/lib64/libssl.so.10
    #2 0x00002ac83ac78423 in mongoc_stream_tls_do_handshake () from libmongoc-1.0.so.0
    #3 0x00002ac83ac527f3 in mongoc_async_cmd_tls_setup () from libmongoc-1.0.so.0
    #4 0x00002ac83ac5226c in _mongoc_async_cmd_phase_setup () from libmongoc-1.0.so.0
    #5 0x00002ac83ac5241d in mongoc_async_cmd_run () from libmongoc-1.0.so.0
    #6 0x00002ac83ac51dbc in mongoc_async_run () from libmongoc-1.0.so.0
    #7 0x00002ac83ac6f47c in mongoc_topology_scanner_work () from libmongoc-1.0.so.0
    #8 0x00002ac83ac6d4d8 in _mongoc_topology_run_scanner () from libmongoc-1.0.so.0
    #9 0x00002ac83ac6d5f4 in mongoc_topology_select () from libmongoc-1.0.so.0
    #10 0x00002ac83ac59351 in mongoc_cluster_select_by_optype () from libmongoc-1.0.so.0
    #11 0x00002ac83ac5e126 in _mongoc_cursor_next () from libmongoc-1.0.so.0
    #12 0x00002ac83ac5e635 in mongoc_cursor_next () from libmongoc-1.0.so.0
    #13 0x00002ac83ac54e19 in _mongoc_client_command_simple_with_hint () from libmongoc-1.0.so.0
    #14 0x00002ac83ac54eeb in mongoc_client_command_simple () from libmongoc-1.0.so.0
    #15 0x00002ac83a80d983 in mongodb_new_client () from libarepmongodb.so
    

For 2 I get: No suitable servers found ('serverselectiontryonce' set) and error code: 120414

The server is configured with:

    net:
        ssl:
            mode: requireSSL                            
            PEMKeyFile: /etc/mongodb-ssl.pem
    

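And the certificate has the correct hostname (server CN). The code looks a bit like this; the client is started with ssl=true in the URL, and the line that updates pem_file is not executed for mode 1: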

    /* client was created from a URL containing ssl=true */
    mongoc_ssl_opt_t ssl_opts = *mongoc_ssl_opt_get_default();
    ssl_opts.weak_cert_validation = TRUE;
    ssl_opts.pem_file = "path to pem here"; /* not executed for mode 1 */
    mongoc_client_set_ssl_opts(client, &ssl_opts);
    bool ret = FALSE;
    bson_t cmd = BSON_INITIALIZER;
    bson_t reply;
    
    BSON_APPEND_INT32 (&cmd, "buildInfo", 1);
    
    ret = mongoc_client_command_simple (client, "admin", &cmd, NULL, &reply, error);
    

When I run: /mongo host/admin -u user -p pass --ssl --sslAllowInvalidCertificates I can log in, but I see: 2017-03-28T18:14:36.149+0300 W NETWORK [thread1] SSL peer certificate validation failed: self signed certificate but I guess this is because I'm using a self-signed certificate, and ssl_opts.weak_cert_validation = TRUE should handle it?

0 answers:

No answers