1. Inconsistent TLS configuration: To configure TLS for MongoDB, the readme.md said to change the auth_opt_mongo_with_tls option to enable TLS, but the backends/mongo.go file reads mongo_use_tls, which means auth_opt_mongo_use_tls.
So I changed the configuration option key from mongo_use_tls to mongo_tls to be related to other TLS settings.
2. insecureSkipVerify defined but never used: It was defined in both the doc (readme.md) and backends/mongo.go, but it was never called to be a part of the connection configuration.
This led to the error below when trying to connect with a self-signed SSL certificate:
time="2024-01-19T03:11:08Z" level=info msg="mongo backend: set authentication db to: mqtt"
time="2024-01-19T03:11:08Z" level=info msg="Backend registered: Mongo"
time="2024-01-19T03:11:08Z" level=info msg="registered acl checker: mongo"
time="2024-01-19T03:11:08Z" level=info msg="registered user checker: mongo"
time="2024-01-19T03:11:08Z" level=info msg="registered superuser checker: mongo"
time="2024-01-19T03:11:08Z" level=info msg="No cache set."
time="2024-01-19T03:16:02Z" level=debug msg="checking user C01103BDFF964C6B9004D5F33EB26208 with backend Mongo"
time="2024-01-19T03:16:32Z" level=debug msg="Mongo get user error: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, Last error: x509: certificate is not valid for any names, but wanted to match localhost }, ] }"
time="2024-01-19T03:16:32Z" level=error msg="server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, Last error: x509: certificate is not valid for any names, but wanted to match localhost }, ] }"
3. MongoDB Custom Certificates:
From the document MongoDB - Go Driver:
"To successfully initiate a TLS request, your application must present cryptographic certificates to prove its identity. Your application's certificates must be stored as PEM files to enable TLS when connecting."
So, I added the options to pass certificate paths to the module to complete a TLS connection through:
auth_opt_mongo_tlsca for TLS Certificate Authority (CA)
auth_opt_mongo_tlscert for TLS Client Certificate
auth_opt_mongo_tlskey for TLS Client Certificate Private Key
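An added sketch of how the options described above can be folded into one `*tls.Config`, so that the skip-verify flag is actually consumed and the CA, certificate and key paths are validated before connecting. This is not the PR's code: the function name and the `mongo_insecure_skip_verify` key are assumptions, and keys are shown without the `auth_opt_` prefix.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"os"
)

// mongoTLSConfig (hypothetical name) maps the plugin options to a *tls.Config.
// It returns nil, nil unless mongo_tls is "true".
func mongoTLSConfig(opts map[string]string) (*tls.Config, error) {
	if opts["mongo_tls"] != "true" {
		return nil, nil
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	// Private CA: trust it explicitly and keep verification switched on.
	if ca := opts["mongo_tlsca"]; ca != "" {
		pem, err := os.ReadFile(ca)
		if err != nil {
			return nil, fmt.Errorf("mongo_tlsca: %w", err)
		}
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(pem) {
			return nil, errors.New("mongo_tlsca: no PEM certificates found")
		}
		cfg.RootCAs = pool
	}
	// A client certificate is only usable together with its private key.
	cert, key := opts["mongo_tlscert"], opts["mongo_tlskey"]
	if (cert == "") != (key == "") {
		return nil, errors.New("mongo_tlscert and mongo_tlskey must be set together")
	}
	if cert != "" {
		pair, err := tls.LoadX509KeyPair(cert, key)
		if err != nil {
			return nil, fmt.Errorf("client certificate: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	// Assumed key name; turns off chain and hostname checks, so opt-in only.
	cfg.InsecureSkipVerify = opts["mongo_insecure_skip_verify"] == "true"
	return cfg, nil
}

func main() {
	cfg, err := mongoTLSConfig(map[string]string{"mongo_tls": "true"})
	fmt.Println(cfg != nil, err)
}
```

The result would be handed to the Go driver with `options.Client().SetTLSConfig(cfg)`. Trusting the CA through mongo_tlsca does not clear the "certificate is not valid for any names" error in the log above, which needs a server certificate whose subject alternative names include the host being dialed.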