Setting SSL Context for Scala/Java driver

151 views
Skip to first unread message

Dima Polsky

unread,
Aug 14, 2018, 4:45:34 AM8/14/18
to mongodb-user
Hi all,
We are using Mongo Scala driver 2.2.0 and it allows us to set the SSL context of the mongo connection programmatically. This allowed us to isolate the certificates used for mongo and control them directly via our configuration, currently, it seems that driver 2.4.0 no longer allows it and requires usage of -D attributes to set the global trust store and key store.

Was this change intentional? Anyone knows if there is still a way to set ssl context programmatically for 2.4.0?

BR 
Dima

Wan Bachtiar

unread,
Sep 18, 2018, 3:42:24 AM9/18/18
to mongodb-user

Anyone knows if there is still a way to set ssl context programmatically for 2.4.0?

Hi Dima,

Could you clarify what do you mean by setting ssl context programmatically ?
Do you mean using MongoClientSettings.Builder ? (since MongoDB Scala driver v2.3.0)

val mongoClient: MongoClient = MongoClient(
                MongoClientSettings.builder()
                .credential(MongoCredential.createCredential("username", "authdb", ("passsword").toCharArray))
                .applyToClusterSettings((builder: ClusterSettings.Builder) => builder.hosts(List(
                                                new ServerAddress("host1", 27017),
                                                new ServerAddress("host2", 27017),
                                                new ServerAddress("host3", 27017),
                                                ).asJava))
                .streamFactoryFactory(NettyStreamFactoryFactory())
                .applyToSslSettings((builder: SslSettings.Builder) => builder.enabled(true).invalidHostNameAllowed(true))
                .build()
    );

requires usage of -D attributes to set the global trust store and key store.

or perhaps you are referring to the JVM System Properties, i.e. javax.net.ssl.trustStore ?

Could you clarify with an example on what you did in MongoDB Scala driver v2.2.0 that you couldn’t do in v2.4.0 ?

Regards,
Wan.

Dima Polsky

unread,
Sep 23, 2018, 5:57:07 AM9/23/18
to mongodb-user
Hi Wan, by programmatically I am referring to the SslSettings.Builder class, that in 2.2.0 allows us to set a SSLContext object:

SslSettings.builder()
       .enabled(true)
       .invalidHostNameAllowed(config.sslAllowInvalidCertificates)
       .context(sslConfig.sslContext)
       .build()


In 2.4.0, the SslSettings.Builder did not have the context method to set SslContext. I do see that it is available in 2.4.2 and will revisit our implementation.

Thank you for the response.

BR
Dima

On Tuesday, September 18,
Reply all
Reply to author
Forward
0 new messages