We have a problem with the Mongo Java driver and the monitoring thread.
We are running a 3 server replicaset and connect our spring boot microservices by using the hostnames.
mongodb://<username>:<password>@A:27017,B:27017,C:27017/?tls=true
Up until now we always used the non-reactive Mongo driver and everything is working fine. However, I now wanted to use the reactive/Netty version and we're getting a java.security.cert.CertificateException
because it tries to validate the alternative names by IP instead of by the hostnames.
I debugged through the libraries and was able to see that when the monitoring threads for the replica set start, they receive the {hello: 1} response
with IPs instead of hostnames.
- Monitoring threads connect through hostnames --> Everything works
- With the first status request of the monitoring threads, they receive the hosts as IPs
- Mongo driver updates replicaset of monitoring cluster with IP addresses and removes hostnames
- New monitoring threads for IPs are started and try hello command
- Command fails because of hostname verification by IP
It seems like this works for the non-reactive driver because the IP is resolved by Inet4Address
and therefore gets the correct hostname again.
Does anyone have a solution for this? Apart from
- Adding IPs as alternative names to certificates (IPs may change)
- Allowing invalid hostnames (sslInvalidHostNameAllowed option)
Is there maybe something we can configure on the server side so that Mongo returns hostnames instead of IPs?
Thank you in advance.
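As an added illustration of the failure described above (this is not code from the question or from the MongoDB driver), the following script takes the member list from a hello response and checks each member against a certificate's subjectAltName entries the way the JDK's HTTPS endpoint identification does: an IP literal is only ever compared with iPAddress SANs, and a DNS name only with dNSName SANs (case-insensitive, with a wildcard allowed as the whole leftmost label). The two hello responses, the replica set name and the SAN list are constructed sample data; the hostnames A, B, C and the 10.0.0.x addresses are assumptions standing in for the real members.

```python
import ipaddress

# Constructed sample data: the first hello response is what a monitor that connected
# via hostname sees, the second is what the question reports after the driver has
# replaced the seed list with the advertised IP addresses. Names/IPs are assumptions.
HELLO_VIA_HOSTNAME = {"setName": "rs0", "primary": "A:27017",
                      "hosts": ["A:27017", "B:27017", "C:27017"]}
HELLO_VIA_IP = {"setName": "rs0", "primary": "10.0.0.1:27017",
                "hosts": ["10.0.0.1:27017", "10.0.0.2:27017", "10.0.0.3:27017"]}

# Constructed subjectAltName list of a member certificate that carries DNS names only.
MEMBER_CERT_SANS = [("DNS", "A"), ("DNS", "B"), ("DNS", "C"), ("DNS", "*.example.internal")]


def split_host_port(member):
    """Split a hello 'hosts' entry such as 'A:27017' or '[::1]:27017' into (host, port)."""
    if member.startswith("["):                      # bracketed IPv6 literal
        host, _, port = member[1:].partition("]:")
        return host, int(port)
    host, sep, port = member.rpartition(":")
    if not sep or not port.isdigit():               # no port given: MongoDB default
        return member, 27017
    return host, int(port)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(host, pattern):
    """RFC 6125 style comparison as the JDK applies it for endpoint identification:
    case-insensitive; '*' only as the entire leftmost label, matching exactly one label,
    and it must leave at least two fixed labels (so '*.com' never matches)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    suffix_labels = pattern[2:].split(".")
    host_labels = host.split(".")
    return (len(suffix_labels) >= 2
            and len(host_labels) == len(suffix_labels) + 1
            and host_labels[1:] == suffix_labels)


def san_matches(host, sans):
    """Would a TLS connection to `host` pass hostname verification against `sans`?
    An IP literal is compared only with iPAddress SANs, a DNS name only with dNSName SANs,
    which is exactly why an IP-discovered member fails against a DNS-only certificate."""
    if is_ip_literal(host):
        target = ipaddress.ip_address(host)
        return any(kind == "IP" and ipaddress.ip_address(value) == target
                   for kind, value in sans)
    return any(kind == "DNS" and dns_name_matches(host, value) for kind, value in sans)


def verify_members(hello, sans):
    """Map every member advertised in a hello response to its hostname-verification result."""
    return {member: san_matches(split_host_port(member)[0], sans) for member in hello["hosts"]}


def failing_members(hello, sans):
    """Members the monitoring thread would fail to open a verified TLS connection to."""
    return [member for member, ok in verify_members(hello, sans).items() if not ok]


if __name__ == "__main__":
    for label, hello in (("via hostname", HELLO_VIA_HOSTNAME), ("via IP", HELLO_VIA_IP)):
        print(f"{hello['setName']} discovered {label}: failing = {failing_members(hello, MEMBER_CERT_SANS)}")
```

The `hosts` array in a hello response is taken from the replica set configuration (the `members[].host` strings, as shown by `rs.conf()`), so running this check against what `db.hello()` returns on a member shows directly whether the advertised member names can ever match the certificate's SANs; a member advertised as an IP literal can only be verified by an iPAddress SAN, regardless of what name the client used to reach it.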