Fatal编程技术网
  • cplusplus/
  • C++ Can';t使用SSL/TLS连接到mongodb

C++ Can';t使用SSL/TLS连接到mongodb

c++

C++ Can';t使用SSL/TLS连接到mongodb,c++,mongo-c-driver,libmongoc,C++,Mongo C Driver,Libmongoc,我正在尝试通过SSL通过libmongoc连接到本地mongodb实例。如果我不使用SSL,连接工作正常,我可以正常执行CRUD操作,但是当我启用SSL并尝试检索一些数据时,mongoc\u cursor\u next()函数会挂起很长时间,然后以false退出 在服务器端,日志显示,当客户端卡在函数中时,客户端连接到服务器,接受连接,断开连接,并重复,直到几分钟后解卡: 2019-02-13T15:34:45.792-0300 I NETWORK [listener] connection

我正在尝试通过SSL通过libmongoc连接到本地mongodb实例。如果我不使用SSL,连接工作正常,我可以正常执行CRUD操作,但是当我启用SSL并尝试检索一些数据时,
mongoc\u cursor\u next()
函数会挂起很长时间,然后以
false
退出

在服务器端,日志显示,当客户端卡在函数中时,客户端连接到服务器,接受连接,断开连接,并重复,直到几分钟后解卡:

2019-02-13T15:34:45.792-0300 I NETWORK  [listener] connection accepted from 192.168.25.9:55256 #710 (1 connection now open)
2019-02-13T15:34:45.810-0300 I NETWORK  [conn710] received client metadata from 192.168.25.9:55256 conn710: { application: { name: "Test Client" }, driver: { name: "mongoc", version: "1.13.1" }, os: { type: "Linux", name: "Ubuntu", version: "18.10", architecture: "x86_64" }, platform: "cfg=0xa15ea0e9 posix=200809 stdc=201710 CC=GCC 8.2.0 CFLAGS="" LDFLAGS=""" }
2019-02-13T15:34:45.810-0300 I NETWORK  [conn710] end connection 192.168.25.9:55256 (0 connections now open)
2019-02-13T15:34:46.311-0300 I NETWORK  [listener] connection accepted from 192.168.25.9:55258 #711 (1 connection now open)
2019-02-13T15:34:46.328-0300 I NETWORK  [conn711] received client metadata from 192.168.25.9:55258 conn711: { application: { name: "Test Client" }, driver: { name: "mongoc", version: "1.13.1" }, os: { type: "Linux", name: "Ubuntu", version: "18.10", architecture: "x86_64" }, platform: "cfg=0xa15ea0e9 posix=200809 stdc=201710 CC=GCC 8.2.0 CFLAGS="" LDFLAGS=""" }
2019-02-13T15:34:46.328-0300 I NETWORK  [conn711] end connection 192.168.25.9:55258 (0 connections now open)
2019-02-13T15:34:46.829-0300 I NETWORK  [listener] connection accepted from 192.168.25.9:55260 #712 (1 connection now open)
2019-02-13T15:34:46.843-0300 I NETWORK  [conn712] received client metadata from 192.168.25.9:55260 conn712: { application: { name: "Test Client" }, driver: { name: "mongoc", version: "1.13.1" }, os: { type: "Linux", name: "Ubuntu", version: "18.10", architecture: "x86_64" }, platform: "cfg=0xa15ea0e9 posix=200809 stdc=201710 CC=GCC 8.2.0 CFLAGS="" LDFLAGS=""" }
2019-02-13T15:34:46.843-0300 I NETWORK  [conn712] end connection 192.168.25.9:55260 (0 connections now open)
我最初认为错误在我的代码中,因此我使用
-DENABLE_TRACING=1
选项重新构建了libmongoc库,以确定是否可以找到一些有用的东西。但是,令我惊讶的是,这个“修复”了问题:它将不再挂在
mongoc\u cursor\u next()
,文档将正常返回,但跟踪会用过多的调试信息填充标准输出,甚至转储发送/接收的TCP数据包。如果启用跟踪,问题就会消失。如果禁用跟踪,它会返回

我试图通过
mongoc\u client\u pool\u set\u SSL\u opts
函数设置SSL选项,但结果与通过URI传递相同。我还尝试在客户端上使用证书,但也没有成功。唯一有效的方法是使用
-DENABLE_TRACING=1构建libmongoc,或者在客户端上不使用SSL

我不知道这是否与我使用自签名证书有关,因为我没有信任签名证书。但是我认为
sslAllowInvalidCertificates=true
忽略了这个需求,因为它只是一个带有模拟数据的开发数据库

我错过什么了吗

我的环境:

客户:

Ubuntu 18.10 x64、libmongoc 1.13.1/1.9.5(两者都经过测试)、GCC 8.2.0

Windows 10 Pro,libmongoc 1.9.5,MSVC 2015

服务器:

Ubuntu 18.10 x64

MongoDB 4.0.6(git版本:CAA42A1F75A56C7643D0B68D38804375EC42E3)

OpenSSL版本:OpenSSL 1.1.1 2018年9月11日

我的示例客户:


int main(int argc, char *argv[])
{
    mongoc_init();
    mongoc_uri_t *uri = mongoc_uri_new("mongodb://Client:1234@localhost/?authSource=MyDatabase&ssl=true&sslAllowInvalidCertificates=true");

    if(!uri)
    {
        std::cout << "Failed to parse URI";
        return 1;
    }

    mongoc_client_pool_t *pool = mongoc_client_pool_new(uri);
    mongoc_client_pool_set_appname(pool, "Test Client");
    mongoc_client_pool_set_error_api(pool, MONGOC_ERROR_API_VERSION_2);

    mongoc_uri_destroy(uri);

    mongoc_client_t *client = mongoc_client_pool_pop(pool);

    mongoc_collection_t *col = mongoc_client_get_collection(client, "MyDatabase", "MyCollection");

    bson_error_t err;

    bson_t *filter = bson_new_from_json(reinterpret_cast<const uint8_t*>("{}"), 2, &err);
    bson_t *opts = bson_new_from_json(reinterpret_cast<const uint8_t*>("{}"), 2, &err);

    if(!filter || !opts)
        return 2;

    mongoc_cursor_t *cursor = mongoc_collection_find_with_opts(col, filter, opts, nullptr);
    bson_t *bson = nullptr;

    while(mongoc_cursor_next(cursor, const_cast<const bson_t **>(&bson)))
        std::cout << "Got document!" << std::endl;

    mongoc_cursor_destroy(cursor);

    mongoc_collection_destroy(col);

    mongoc_client_pool_push(pool, client);
    mongoc_client_pool_destroy(pool);

    mongoc_cleanup();

    return 0;
}


编辑:

经过进一步测试,我发现在没有池的情况下连接时,它不会卡在
mongoc\u cursor\u next()
上。但是失败,
mongoc\u cursor\u error()
返回:


Error 13053: No suitable servers found (`serverSelectionTryOnce` set): [Failed to receive length header from server. calling ismaster on 'localhost:27017']



此外,我还可以通过SSL与mongo CLI和Compass正常连接。
您好,您能解决这个问题吗?我在LibMongoc1.17和mongocxx 3.6中遇到了类似的问题抱歉,直到现在才看到这一点。我把它升级到了1.14。在1.16上对我有效,但还没有尝试1.17。

Error 13053: No suitable servers found (`serverSelectionTryOnce` set): [Failed to receive length header from server. calling ismaster on 'localhost:27017']