X509 Auth issue for MongoDB Atlas with OTP 26 #226

@suchasurge

I just wanted to quickly update to elixir 1.16 and OTP 26 but discovered some Auth issues I haven't seen before.

I use MongoDB Atlas with an X509 certificate which was generated by MongoDB itself.

And I use the currently latest version 1.2.1 of this library.

My config looks like this and is currently working without any problems in elixir 15 / OTP 25:

  config :my_app, :mongo_config,
    name: :my_app,
    appname: "myapp",
    url: "mongodb+srv://default.3kjdjd.mongodb.net",
    username: "CN=my_username",
    password: "",
    database: "my_database",
    timeout: 60_000,
    idle_interval: 10_000,
    queue_target: 5000,
    pool_size: 100,
    auth_mechanism: :x509,
    ssl_opts: [
      certfile: "/path/to/my_cert.pem",
      verify: :verify_none
    ]

I tried the following elixir/erlang combinations:

  • elixir 15 / OTP 25 <- is running in production
  • elixir 15 / OTP 26
  • elixir 16 / OTP 25
  • elixir 16 / OTP 26

The result is that only the combinations with OTP 26 don't work.

With OTP 26, regardless of which query I try, I always get:

 iex(1)> Mongo.find_one(:my_app, :my_collection, %{})
 {:error,
  %Mongo.Error{
    message: "command find requires authentication",
    code: 13,
    host: nil,
    fail_command: false,
    error_labels: [],
    resumable: false,
    retryable_reads: false,
    retryable_writes: false,
    not_writable_primary_or_recovering: false,
    error_info: nil
  }}

With OTP 25 and either elixir 15 or 16 I get the data results I expect.

To be sure I also tried the proposed config from the readme and changed the ssl config part to:

  ssl: true,
  ssl_opts: [
    certfile: "/path/to/my_cert.pem",
    verify: :verify_peer,
    cacertfile: to_charlist(CAStore.file_path()),
    customize_hostname_check: [
      match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
    ]
  ]

with the same results as mentioned above. So this config didn't fix it.

I saw that OTP 26 adjusted some SSL-related things, but I cannot spot how and where this breaks stuff in the x509 authentication with MongoDB Atlas.

Did anyone of you have similar problems and/or ideas how to fix it?

Cheers
Frank
