如何在mongo中修复SSL错误“ CSSMERR_TP_VERIFY_ACTION_FAILED”?

时间:2019-07-01 22:15:38

标签: mongodb macos ssl openssl

每当尝试使用SSL标志--ssl--sslAllowInvalidHostnames--sslCAFile连接时,我都会看到此错误消息:

MongoDB shell version v4.0.10
connecting to: mongodb://<redacted>
2019-07-01T14:47:17.420-0700 D NETWORK  [js] creating new connection to:<redacted>
2019-07-01T14:47:17.687-0700 E NETWORK  [js] SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_VERIFY_ACTION_FAILED; connection rejected
2019-07-01T14:47:17.687-0700 D -        [js] User Assertion: SSLHandshakeFailed: SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_VERIFY_ACTION_FAILED; connection rejected src/mongo/transport/session_asio.h 242
2019-07-01T14:47:17.687-0700 D -        [js] User Assertion: InternalError: couldn't connect to server <redacted>, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_VERIFY_ACTION_FAILED; connection rejected src/mongo/scripting/mozjs/mongo.cpp 757
2019-07-01T14:47:17.687-0700 E QUERY    [js] Error: couldn't connect to server <redacted>, connection attempt failed: SSLHandshakeFailed: SSL peer certificate validation failed: Certificate trust failure: CSSMERR_TP_VERIFY_ACTION_FAILED; connection rejected :
connect@src/mongo/shell/mongo.js:344:17
@(connect):2:6
2019-07-01T14:47:17.687-0700 D -        [js] User Assertion: Location12513: connect failed src/mongo/shell/shell_utils.cpp 344
2019-07-01T14:47:17.687-0700 I QUERY    [js] MozJS GC prologue heap stats -  total: 3664180 limit: 0
2019-07-01T14:47:17.689-0700 I QUERY    [js] MozJS GC epilogue heap stats -  total: 2620 limit: 0
2019-07-01T14:47:17.689-0700 I QUERY    [js] MozJS GC prologue heap stats -  total: 4916 limit: 0
2019-07-01T14:47:17.689-0700 I QUERY    [js] MozJS GC epilogue heap stats -  total: 12 limit: 0
2019-07-01T14:47:17.690-0700 D -        [main] User Assertion: Location12513: connect failed src/mongo/scripting/mozjs/proxyscope.cpp 302
exception: connect failed

我已验证以下内容:

  • 我的SSL证书是最新的,并确认是正确的
  • 我的SSL版本是1.0.2s
  • 我的mongo版本已更新至v4.0.10
  • 我正在使用MacOS X 10.14.5

这似乎是与苹果公司非常相关的问题,因为有关失败消息的唯一参考已在https://developer.apple.com/documentation/security/1396762-cmsdecodercopysignerstatus?language=objc

中列出。

CSSMERR_TP_VERIFY_ACTION_FAILED上我还能检查什么来解决此问题?

预期将使用SSL证书连接到数据库。

1 个答案:

答案 0 :(得分:1)

能够通过将我的mongo shell版本降级到3.6.8来解决此问题,对于在那里遇到相同问题的任何人,正是mac上的v4 mongo shell导致了问题。

相关问题
最新问题