search

jeroen / mongolite

Fast and Simple MongoDB Client for R
https://jeroen.github.io/mongolite/
284 stars 64 forks source link

Error opening certificate store (Win 11) #243

Closed Jylpah closed 1 year ago

Jylpah commented 1 year ago

Hi,

I had perfectly working setup (R/RStudio on Win11, Mongod on Linux), but then I started getting error messages:

R 4.2.1 / mongolite 2.6.2

dbc <- mongo('Collection', 'MongoDBname', URI, options = ssl_opts);
Warning: [WARNING] Overwriting previously provided value for 'tls'
Warning: [ERROR] Error opening certificate store
Warning: [ERROR] Failed to parse private key. ASN1 bad tag value met.
 (0x8009310B)
Warning: [ERROR] failed to receive handshake, SSL/TLS connection failed
Error: No suitable servers found (`serverSelectionTryOnce` set): [failed to receive handshake, SSL/TLS connection failed calling hello on 'server.localdomain:27017']

mongod.log

There is only one line on the mongod side:

{"t":{"$date":"2022-10-06T19:13:08.782+03:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn16","msg":"client metadata","attr":{"remote":"192.168.1.7:59552","client":"conn16","doc":{"application":{"name":"r/mongolite"},"driver":{"name":"mongoc / mongolite","version":"1.21.1 / "},"os":{"type":"Linux","name":"Ubuntu","version":"22.04","architecture":"x86_64"},"platform":"R (4.2.1 x86_64-pc-linux-gnu x86_64 linux-gnu) cfg=0x020356a8e9 posix=200809 stdc=201710 CC=GCC 11.2.0 CFLAGS=\"\" LDFLAGS=\"\""}}}

With systemLog.quiet: false setting: 

{"t":{"$date":"2022-10-06T20:26:27.059+03:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"192.168.1.7:58275","connectionId":1,"connectionCount":1}}
{"t":{"$date":"2022-10-06T20:26:27.067+03:00"},"s":"I",  "c":"NETWORK",  "id":22944,   "ctx":"conn1","msg":"Connection ended","attr":{"remote":"192.168.1.7:58275","connectionId":1,"connectionCount":0}}

I assume this is related to errors on openssl side, but I have no idea how debug this. The very same code and self-created certs work WLS2 (Linux) mode, not on Windows side.

I do not understand why the code is even trying to open some "certificate store" since I have given the certs as files to ssl_options().

Any ideas what could be problem here?

jeroen commented 1 year ago

I think this is caused because as of mongolite 2.4.0 we no longer build with openssl, but instead the native windows SSL back-end. I think this means you need to import your cert into the windows cert store, instead of passing it via ssl_opts.

Jylpah commented 1 year ago

Thanks @jeroen . This makes sense. I will close the ticket and try to figure out why my cert does not work from the Windows Cert Store (it was there too).