douyaju4749 2017-05-13 04:44
浏览 108
已采纳

golang客户端无法连接到mongo数据库服务器-sslv3警报错误证书

I'm trying to connect a go client to mongodb server running with ssl enabled. I get a clear error message indicating that the hand shake failed due to ssl error. I use a self signed certificate on the client side.

Got below from the mongodb server:

2017-05-13T04:38:53.910+0000 I NETWORK  [thread1] connection accepted from 172.17.0.1:51944 #10 (1 connection now open)
2017-05-13T04:38:53.911+0000 E NETWORK  [conn10] SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
2017-05-13T04:38:53.911+0000 I -        [conn10] end connection

Error from Go client:

Could not connect to mongodb_s1.dev:27017 x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "XYZ")

Tried multiple options, but didn't help

  • 写回答

1条回答 默认 最新

  • dongqiangou5724 2017-05-13 10:59
    关注

    You can skip TLS security checks using InsecureSkipVerify = true. This allows you to use self-signed certificates. See the code from compose help below.

    Instead of skipping security checks, it is advisable to add the CA used to sign your certificates to the list of trusted CAs of the system.

    package main

import (
    "crypto/tls"
    "fmt"
    "net"
    "os"
    "strings"

    "gopkg.in/mgo.v2"
)

func main() {
    uri := os.Getenv("MONGODB_URL")
    if uri == "" {
        fmt.Println("No connection string provided - set MONGODB_URL")
        os.Exit(1)
    }
    uri = strings.TrimSuffix(uri, "?ssl=true")

    Here:

        tlsConfig := &tls.Config{}
    tlsConfig.InsecureSkipVerify = true

    dialInfo, err := mgo.ParseURL(uri)

    if err != nil {
        fmt.Println("Failed to parse URI: ", err)
        os.Exit(1)
    }

    And here: 

        dialInfo.DialServer = func(addr *mgo.ServerAddr) (net.Conn, error) {
        conn, err := tls.Dial("tcp", addr.String(), tlsConfig)
        return conn, err
    }

    session, err := mgo.DialWithInfo(dialInfo)
    if err != nil {
        fmt.Println("Failed to connect: ", err)
        os.Exit(1)
    }

    defer session.Close()

    dbnames, err := session.DB("").CollectionNames()
    if err != nil {
        fmt.Println("Couldn't query for collections names: ", err)
        os.Exit(1)
    }

    fmt.Println(dbnames)

}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?