I am trying to implement X.509 certificate authentication for Mongo using the C++ driver. The driver is 3.4.0 (custom build with OpenSSL enabled), the C driver is 1.13.0, running on Debian 9; the server is Mongo 3.2.

Code to connect:

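    #include <mongocxx/options/client.hpp>
    #include <mongocxx/options/ssl.hpp>
    #include <mongocxx/uri.hpp>

    mongocxx::options::client opts;
    mongocxx::options::ssl ssl_opts;
    ssl_opts.allow_invalid_certificates(false);  // keep server certificate verification on
    ssl_opts.ca_file("rootCA.pem");              // CA used to verify the server certificate
    ssl_opts.pem_file("mongodb.pem");            // client certificate and private key
    opts.ssl_opts(ssl_opts);
    const mongocxx::uri url{"mongodb://x.xxx.xxx.xxx:27017/?ssl=true&maxPoolSize=10"};

This is passed to a mongocxx::pool instance.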

When I try to execute a command, I receive:

    connection failed: No suitable servers found: serverSelectionTimeoutMS expired: [TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed calling ismaster on x.xxx.xxx.xxx

When I use the same certificates in a python3 script, everything works fine (pymongo is 3.4.0, installed from the Debian repo):

    import pymongo

    client = pymongo.MongoClient('mongodb://3.120.209.225:27017/?ssl=true&maxPoolSize=10',
                                 ssl_ca_certs='rootCA.pem',
                                 ssl_certfile='mongodb.pem')

    db = client.ucas

    print(db.command("isMaster"))

Also, if I run the mongo command from the shell with the same URI and pass the certificate options, the connection is successfully established.

Am I missing something?
