
I completed the following tutorial (https://medium.com/@rajanmaharjan/secure-your-mongodb-connections-ssl-tls-92e2addb3c89) to set up self-signed SSL certificates to secure communications between a device and a server hosting a mongoDB database.

I can access the database from the server and from the device with the following command:

```
mongo --ssl --sslCAFile /path/to/CA.pem --sslPEMKeyFile /path/to/mongodb.pem --host IP:port
```

Error

When I try to connect to the database with a C++ program, I get a seg fault:

```
Segmentation fault (core dumped)
```

Output from GDB is

```
Program received signal SIGSEGV, Segmentation fault.
0x0000007fb7f6d6a8 in mongocxx::v_noabi::client::client(mongocxx::v_noabi::uri const&, mongocxx::v_noabi::options::client const&) () from /usr/local/lib/libmongocxx.so._noabi
```

C++ code

I instantiate the connection with:

```cpp
mongocxx::instance instance{};

mongocxx::options::ssl ssl_opts;
ssl_opts.pem_file("/path/to/mongodb.pem");
// ssl_opts.allow_invalid_certificates(false); // I have tried this

mongocxx::options::client client_opts;
client_opts.ssl_opts(ssl_opts);

auto client = mongocxx::client{mongocxx::uri{"mongodb://user:pwd@IP:port/?authMechanism=MONGODB-X509&ssl=true"}, client_opts};
```

And compile with the following command:

```
c++ --std=c++11 main.cpp $(pkg-config --cflags --libs libmongocxx) -Wl,-rpath,/usr/local/lib
```

I have not been able to fix this error or find a solution online, any help would be much appreciated.

Additional Information

Versions:

Mongo c - 1.10.1

Mongo cxx - 3.3.0

Backtrace:

```
(gdb) thread apply all bt

Thread 1 (Thread 0x7fb7ff4000 (LWP 17800)):
#0  0x0000007fb7f6d6a8 in mongocxx::v_noabi::client::client(mongocxx::v_noabi::uri const&, mongocxx::v_noabi::options::client const&) () from /usr/local/lib/libmongocxx.so._noabi
#1  0x00000000004027d0 in main ()
```
Nicolas Gaborel
  • Please update with the version of the C driver and the C++ driver that you are using. Also helpful would be the full backtrace from your application, get this with `thread apply all bt` in GDB. – acm Oct 11 '18 at 22:31
  • I updated the question. There is not much happening apart from the code that I posted, it is the first thing that is run in my main.cpp file and it crashes at the `auto client ...` line. – Nicolas Gaborel Oct 12 '18 at 07:09
  • Are you building the C driver and C++ driver from source, or did you get them from a package manager (if so, which one, etc.)? Can you update the C driver to 1.13 and re-test? – acm Oct 12 '18 at 13:34
  • I am building the drivers from the Github source. I updated to 1.13.0 and got the following result: `terminate called after throwing an instance of mongocxx::v_noabi::logic_error what(): an invalid MongoDB URI was provided Aborted (core dumped)` If I change the URI to `...@IP:port/?ssl=true` I get `Segmentation fault (core dumped)` – Nicolas Gaborel Oct 12 '18 at 14:36
  • The `Segmentation fault` is the same as previously when run through GDB. – Nicolas Gaborel Oct 12 '18 at 14:43

1 Answer

There's a known serious bug with passing options::ssl_opts to the client constructor in the C++ driver version 3.3.0 causing the segfault. This is fixed in 3.3.1. It is highly recommended that you upgrade.

As a workaround for 3.3.0, you can pass the pem_file option through the URI string. The URI option "sslclientcertificatekeyfile" corresponds to the options::ssl::pem_file option. E.g.:

```cpp
auto uri = mongocxx::uri{"mongodb://localhost/?ssl=true&sslclientcertificatekeyfile=/path/to/mongodb.pem"};
```

But do upgrade to 3.3.1 if possible.

kevinAlbs
  • Thank you for your answer! I will do the update on Monday and get back to you. – Nicolas Gaborel Oct 13 '18 at 12:34
  • I updated mongocxx to 3.3.1 and mongoc to 1.13 (as per acm's recommendation) and passed the ssl option `.allow_invalid_certificates(true)` and I am now able to connect to my DB via SSL with self-signed certificates. Thank you for your help! – Nicolas Gaborel Oct 15 '18 at 13:02
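
The URI workaround in the answer carries only the client certificate, while the shell command in the question also passes a CA file; the URI can carry that as well, so a self-signed chain is verified against the CA instead of having validation switched off. This is an added example, not code from the thread: the helper names are hypothetical, and it assumes libmongoc's `sslcertificateauthorityfile` URI option and that the driver percent-decodes option values.

```cpp
#include <cctype>
#include <stdexcept>
#include <string>

// Percent-encode a query value, leaving RFC 3986 unreserved characters and '/'
// untouched. Assumption: the driver percent-decodes option values when parsing.
std::string encode_query_value(const std::string& value) {
    static const char hex[] = "0123456789ABCDEF";
    std::string out;
    for (unsigned char c : value) {
        if (std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~' || c == '/') {
            out += static_cast<char>(c);
        } else {
            out += '%';
            out += hex[c >> 4];
            out += hex[c & 0x0F];
        }
    }
    return out;
}

// True when the PEM text carries both a certificate marker and a private key
// marker, which the combined client file (mongodb.pem in the question) needs.
bool pem_has_cert_and_key(const std::string& pem_text) {
    return pem_text.find("-----BEGIN CERTIFICATE-----") != std::string::npos &&
           pem_text.find("PRIVATE KEY-----") != std::string::npos;
}

// Build the URI for the 3.3.0 workaround. Both paths are required so that the
// server certificate is checked against the CA rather than accepted blindly.
std::string build_tls_uri(const std::string& host_port,
                          const std::string& client_pem_path,
                          const std::string& ca_pem_path) {
    if (host_port.empty() || client_pem_path.empty() || ca_pem_path.empty()) {
        throw std::invalid_argument("host, client PEM path and CA path are all required");
    }
    return "mongodb://" + host_port + "/?ssl=true" +
           "&sslclientcertificatekeyfile=" + encode_query_value(client_pem_path) +
           "&sslcertificateauthorityfile=" + encode_query_value(ca_pem_path);
}

// Usage with the driver: mongocxx::client client{mongocxx::uri{build_tls_uri(...)}};
// On 3.3.1 and later the same paths map to options::ssl::pem_file and options::ssl::ca_file.
```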