Mongocxx and SSL problems

I have a MongoDB that is hosted on AWS that I can successfully connect to with SSL via Studio3T, using a self-signed CA file and PEM file generated following the instructions in Appendix A, B, and C in the MongoDB Manual. However, when I use the exact same setup to try to connect via Mongocxx (CA file, PEM file, SCRAM-SHA-256, etc.), I continuously get the error stating “No suitable servers found: serverselectiontimeoutms timed out: [TLS handshake failed calling ismaster”. I have tried numerous versions of Mongocxx, but my latest attempt is with Mongocxx 3.4.1 and we’re running MongoDB 4.0 on the server. Does anyone have this working in Mongocxx? Can you share the setup you are using on both server and client to get a successful connection?

My current attempts via Mongocxx look like below. The username/password and domain name shown in the code are not valid, for security reasons. See anything I’m doing wrong?

    mongocxx::uri uri1{ "mongodb://username:password@host.com:27017/?ssl=true&serverSelectionTryOnce=false&serverSelectionTimeoutMS=15000&connectTimeoutMS=10000&authSource=admin&authMechanism=SCRAM-SHA-256" };
    mongocxx::options::client client_options;
    mongocxx::options::ssl ssl_options;

    ssl_options.allow_invalid_certificates(true);
    ssl_options.ca_file("C:\\mojo\\applications\\bin\\database\\local_4.0\\test-ca.pem");
    ssl_options.pem_file("C:\\mojo\\applications\\bin\\database\\local_4.0\\test-client.pem");
    client_options.ssl_opts(ssl_options);

    auto conn = mongocxx::client{ uri1, client_options };
    mongocxx::database db = conn["test"];
    mongocxx::collection events = db["events"];

    bsoncxx::builder::basic::document server_status{};
    server_status.append(bsoncxx::builder::basic::kvp("serverStatus", 1));
    bsoncxx::document::value output = conn["test"].run_command(server_status.extract());

Everything runs without error until I execute the “run_command” which returns with the error I mentioned above. Any help would be greatly appreciated! Thanks!

Hi @Mark_Muench,

I’m not sure off-hand what the issue is, but I have a few questions:

  1. What version of the C driver are you using?
  2. What platform are you running the driver on?
  3. To confirm, are these the manual instructions you are referring to? https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/
  4. Are you able to connect using the same URI with another MongoDB driver or the shell?

Best,
Kevin

Kevin,

Thanks so much for your reply! Here are my answers to your questions:

  1. We are using MongoDB 4.0 and I have tried several versions of Mongocxx, but the latest attempt is with Mongocxx 3.4.1.
  2. Windows 10
  3. Yes those are the instructions I’m referring to.
  4. We can successfully connect to the AWS DB with Studio3T, Robo3T, and Compass, but never with Mongocxx.

Thanks again for your help with this!

Mark

I am having the same issue with mongocxx 3.4.2 and libmongoc 1.16.2 running on Debian 10.2, able to connect with mongo shell with TLS and using the same CA pem file.

Were you able to resolve this?

Mongo support was only able to get it working for us if we enabled invalid certificates on both the server and client…not an option we can live with!

@Jonathan_Declan_Tan @Mark_Muench are you using IPv6 in your environment (either directly as IPv6 addresses or with host names that resolve to IPv6)?

Yes. We are hosting the db on AWS. The host name we are trying to connect to is s2idb.ba.smt-fre.com. When I use this address in either Studio3t or Compass, I can connect with no problem. Can’t successfully connect with Mongocxx.

No IPv6 addresses, using AWS DocumentDB (mongodb 3.6), hostname resolves to IPv4 address.

Hey, has anyone been able to solve this? I have the same error with a Custom CA signed certificate.