$mongo = new MongoDB\Driver\Manager(
    "mongodb://" . $mongo_user . ":" . $mongo_pass . "@" . $mongoHost . "/" . $mongo_db,
    array(
        'ssl' => true,
        'sslAllowInvalidCertificates' => true,
        'host' => $mongoHost
    )
);
When trying to connect, I get the following:
SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Anyone have any experience with this? I was under the impression that sslAllowInvalidCertificates would allow the connection even though the certificate is self-signed (assuming the self-signed cert is what is failing verification).
Thanks!
Joe
You probably want to use the following option:
$opts = array(
    "ssl" => array(
        "peer_name" => "<your certificate's server name>",
        "verify_peer" => false,
        "verify_peer_name" => false,
        "allow_self_signed" => true,
    )
);
$context = stream_context_create($opts);
$manager = new MongoDB\Driver\Manager($dsn, array(), array("context" => $context));
The SSL "context" options need to be set differently in the PHP driver, as is shown above.
cheers,
Derick
--
{
website: [ "http://mongodb.org", "http://derickrethans.nl" ],
twitter: [ "@derickr", "@mongodb" ]
}
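An added example (not part of the thread and not written by any participant): a variant of the context above that keeps verify_peer and verify_peer_name enabled by trusting the self-signed certificate through cafile and taking peer_name from the certificate's CN. It assumes the driver honours the standard PHP cafile SSL context option; the helper name pinned_ssl_options, the hostname and the generated certificate are constructed for illustration.

```php
<?php
// Added example: names, paths and hosts below are placeholders, not from the thread.

/**
 * Build SSL context options that trust one specific self-signed certificate
 * (used as its own CA) while leaving peer and name verification enabled.
 */
function pinned_ssl_options($pemPath)
{
    $pem  = file_get_contents($pemPath);
    $info = ($pem !== false) ? openssl_x509_parse($pem) : false;
    if ($info === false) {
        throw new RuntimeException("Cannot read or parse certificate: $pemPath");
    }
    $now = time();
    if ($now < $info['validFrom_time_t'] || $now > $info['validTo_time_t']) {
        throw new RuntimeException('Certificate is outside its validity period');
    }
    if (empty($info['subject']['CN'])) {
        throw new RuntimeException('Certificate has no CN to use as peer_name');
    }
    return [
        'cafile'            => $pemPath,               // trust anchor: the server's own certificate
        'peer_name'         => $info['subject']['CN'], // name to match when the URI uses an IP
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'allow_self_signed' => false,                  // trust comes from cafile, not this flag
    ];
}

// Constructed sample input: a throwaway self-signed certificate for a placeholder name.
$key  = openssl_pkey_new(['private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'mongo.example.test'], $key);
$cert = openssl_csr_sign($csr, null, $key, 30);
$path = tempnam(sys_get_temp_dir(), 'ca');
openssl_x509_export_to_file($cert, $path);

$ssl = pinned_ssl_options($path);
print_r($ssl);

// With the extension loaded and a server presenting this certificate:
// $context = stream_context_create(['ssl' => $ssl]);
// $manager = new MongoDB\Driver\Manager($uri, [], ['context' => $context]);
```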
That's great, thank you for your help. I'm running into this now:

'No suitable servers found (`serverselectiontryonce` set): [connection timeout calling ismaster on '192.168.10.251:27017']'

I can only seem to find issues relating to ipv6 and localhost with this issue, but those look like they've been fixed (My PECL MongoDB extension is 1.1.6). This is with the mongod.conf file set to 'requireSSL'. With 'preferSSL', everything connects fine, though I am assuming without SSL encryption.

Is there something else I should be looking at, or does this just seem to indicate SSL issues?
2016-05-09T16:37:50.562-0500 I NETWORK [initandlisten] connection accepted from 192.168.10.100:62899 #1 (1 connection now open)
2016-05-09T16:37:50.563-0500 D - [conn1] User Assertion: 17189:The server is configured to only allow SSL connections
2016-05-09T16:37:50.563-0500 I NETWORK [conn1] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections
dyld: lazy symbol binding failed: Symbol not found: _php_mongo_asn1_time_to_time_t
Referenced from: /Applications/MAMP/bin/php/php5.6.10/lib/php/extensions/no-debug-non-zts-20131226/mongodb.so
Expected in: flat namespace
dyld: Symbol not found: _php_mongo_asn1_time_to_time_t
Referenced from: /Applications/MAMP/bin/php/php5.6.10/lib/php/extensions/no-debug-non-zts-20131226/mongodb.so
It appears that the mongodb.so extension you're using was compiled against a version of PHP without OpenSSL (i.e. the PHP environment whose phpize binary was used when building). That resulted in those functions not being defined during the build. At runtime, the extension is running with a version of PHP that does have OpenSSL and we were blindly expecting those functions to exist. I've opened PHPC-698 to track the bug and implemented a fix in PR #324.

That said, the fix above is simply going to raise a meaningful exception in your current scenario (in lieu of the undefined symbol error). You'll still want to take some action to properly correct this on your end by doing one of the following:
- Disabling "verify_expiry" option in the SSL context options passed to MongoDB\Manager\Client. The default stream context (which we use if none is provided) enables this.
- Rebuilding the extension with the "pecl" and/or "phpize" command that ships with MAMP.
Specifying SSL context options can be done like so:
$context = stream_context_create(['ssl' => ['verify_expiry' => false]]);
$manager = new MongoDB\Driver\Manager($uri, [], ['context' => $context]);
This uses the third $driverOptions argument to the Manager constructor (or MongoDB\Client in the userland library). At present, the "mongodb" extension does not have documentation for the SSL context options. I've opened PHPC-700 to track that. The legacy driver documentation does cover this and links to the relevant SSL context options (which is a general PHP topic not specific to our driver) and can be referenced in a pinch. Note that the custom "mongodb" context is not supported at all in the new driver (that's specific to some stream logging features that only exist in the legacy driver).
Let me know if you'd like me to clarify any of this further, and thanks for your patience in the diagnosis.