Apr 2022

Hello,

I am running a valid mongod instance with tls options. I have a Custom CA and the certificate that Mongo is using is signed by it.
So every connection that I open has to provide my custom CA also.
When I try connecting through mongosh or MongoDBCompass everything works correctly.

But I have an application in C++ that has to do the heavy work so I would like to get it up and running there.
I have installed mongo-cxx-driver through vcpkg and the version is 3.6.5#2.

I have tried passing the CA file in different ways, and the path is always correct.
For example, I used tls_options and ca_file. And I also tried putting the certificate file in the URL.
No success.

```cpp
// First way
mongocxx::options::client client_options;
mongocxx::options::tls tls_options;
tls_options.ca_file("C:/Boom/mongocxx/ca.pem");
// tls_options.allow_invalid_certificates(true);
client_options.tls_opts(tls_options);
cout << client_options.tls_opts().get().ca_file().get().view() << endl;

// Second way (I have tried even without escaping the URL)
string uriStr = "mongodb://localhost:27017/?tls=true&tlsCAFile=C%3A%2FBoom%2Fmongocxx%2Fca.pem";

mongocxx::uri uri(uriStr);
mongocxx::client client(uri, client_options); // client_options is removed if the second way is used
```

This is the error that mongo-cxx shows:

Runtime error: No suitable servers found (`serverSelectionTryOnce` set): [connection closed calling ismaster on 'localhost:27017']: generic server error

This is the error that mongod shows:

{"t":{"$date":"2021-12-12T20:27:57.972+01:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:10221","uuid":"ebdf360d-6311-4206-84ad-1e3af5733b00","connectionId":27,"connectionCount":1}}
{"t":{"$date":"2021-12-12T20:27:58.039+01:00"},"s":"I", "c":"NETWORK", "id":22988, "ctx":"conn27","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"QueryContextAttributes for connection info failed with-2146893055"},"remote":"127.0.0.1:10221","connectionId":27}}

I have no idea why this happens. I have tried every way that lurks around on the web.
Any help is appreciated. Thank you.
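An added example, not part of the original post: a small triage script that pulls `SSLHandshakeFailed` records out of mongod's JSON log and rewrites the trailing signed number in `errmsg` as the unsigned 32-bit Windows status it represents. The function names are hypothetical, the name table is a partial list taken from the Windows SDK headers, and the sample input is the two log records quoted above.

```python
import json
import re

# Constructed sample: the two mongod log records quoted in the post above.
SAMPLE_LOG = r'''{"t":{"$date":"2021-12-12T20:27:57.972+01:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:10221","uuid":"ebdf360d-6311-4206-84ad-1e3af5733b00","connectionId":27,"connectionCount":1}}
{"t":{"$date":"2021-12-12T20:27:58.039+01:00"},"s":"I", "c":"NETWORK", "id":22988, "ctx":"conn27","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"QueryContextAttributes for connection info failed with-2146893055"},"remote":"127.0.0.1:10221","connectionId":27}}
'''

# A few SSPI/SChannel status codes (Windows SDK names; not exhaustive).
SSPI_NAMES = {
    0x80090301: "SEC_E_INVALID_HANDLE",
    0x80090325: "SEC_E_UNTRUSTED_ROOT",
    0x80090327: "SEC_E_CERT_UNKNOWN",
    0x80090328: "SEC_E_CERT_EXPIRED",
}
TRAILING_INT = re.compile(r"(-?\d+)\s*$")

def decode_status(errmsg):
    """Return (hex_code, name) for a trailing signed 32-bit status, or None."""
    m = TRAILING_INT.search(errmsg)
    if not m:
        return None
    code = int(m.group(1)) & 0xFFFFFFFF  # reinterpret as unsigned 32-bit
    return f"0x{code:08X}", SSPI_NAMES.get(code, "unknown")

def tls_handshake_failures(log_text):
    """Yield one dict per SSLHandshakeFailed record in mongod JSON logs."""
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        attr = rec.get("attr", {})
        err = attr.get("error", {})
        if err.get("codeName") != "SSLHandshakeFailed":
            continue
        yield {
            "time": rec.get("t", {}).get("$date"),
            "remote": attr.get("remote"),
            "connectionId": attr.get("connectionId"),
            "status": decode_status(err.get("errmsg", "")),
        }

if __name__ == "__main__":
    for hit in tls_handshake_failures(SAMPLE_LOG):
        print(hit)
```
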

5 months later

Did you ever get this working in mongocxx? I’m running into the exact same issue and can’t get any response. Thanks!

3 years later

Any updates on this issue? I am facing the same problem with mongocxx 3.10.0.

Actually, I was able to fix it. I looked a bit into the server code and what happens when a ca file is given explicitly. The ca is added to the root certificate store, which requires admin rights. Thus, a connection with explicit ca file can only work if the execution is run with admin rights. It happens in mongoc_secure_channel::mongoc_secure_channel_setup_ca(…).