douyaju4749 2017-05-13 04:44
浏览 106
已采纳

golang客户端无法连接到mongo数据库服务器-sslv3警报错误证书

I'm trying to connect a go client to mongodb server running with ssl enabled. I get a clear error message indicating that the hand shake failed due to ssl error. I use a self signed certificate on the client side.

Got below from the mongodb server:

2017-05-13T04:38:53.910+0000 I NETWORK  [thread1] connection accepted from 172.17.0.1:51944 #10 (1 connection now open)
2017-05-13T04:38:53.911+0000 E NETWORK  [conn10] SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
2017-05-13T04:38:53.911+0000 I -        [conn10] end connection

Error from Go client:

Could not connect to mongodb_s1.dev:27017 x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "XYZ")

Tried multiple options, but didn't help

  • 写回答

1条回答 默认 最新

  • dongqiangou5724 2017-05-13 10:59
    关注

    You can skip TLS security checks using InsecureSkipVerify = true. This allows you to use self-signed certificates. See the code from compose help below.

    Instead of skipping security checks, it is advisable to add the CA used to sign your certificates to the list of trusted CAs of the system.

    package main

import (
    "crypto/tls"
    "fmt"
    "net"
    "os"
    "strings"

    "gopkg.in/mgo.v2"
)

func main() {
    uri := os.Getenv("MONGODB_URL")
    if uri == "" {
        fmt.Println("No connection string provided - set MONGODB_URL")
        os.Exit(1)
    }
    uri = strings.TrimSuffix(uri, "?ssl=true")

    Here:

        tlsConfig := &tls.Config{}
    tlsConfig.InsecureSkipVerify = true

    dialInfo, err := mgo.ParseURL(uri)

    if err != nil {
        fmt.Println("Failed to parse URI: ", err)
        os.Exit(1)
    }

    And here: 

        dialInfo.DialServer = func(addr *mgo.ServerAddr) (net.Conn, error) {
        conn, err := tls.Dial("tcp", addr.String(), tlsConfig)
        return conn, err
    }

    session, err := mgo.DialWithInfo(dialInfo)
    if err != nil {
        fmt.Println("Failed to connect: ", err)
        os.Exit(1)
    }

    defer session.Close()

    dbnames, err := session.DB("").CollectionNames()
    if err != nil {
        fmt.Println("Couldn't query for collections names: ", err)
        os.Exit(1)
    }

    fmt.Println(dbnames)

}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 许可证msc licensing软件报错显示已有相同版本软件,但是下一步显示无法读取日志目录。
  • ¥15 Attention is all you need 的代码运行
  • ¥15 一个服务器已经有一个系统了如果用usb再装一个系统,原来的系统会被覆盖掉吗
  • ¥15 使用esm_msa1_t12_100M_UR50S蛋白质语言模型进行零样本预测时,终端显示出了sequence handled的进度条,但是并不出结果就自动终止回到命令提示行了是怎么回事:
  • ¥15 前置放大电路与功率放大电路相连放大倍数出现问题
  • ¥30 关于<main>标签页面跳转的问题
  • ¥80 部署运行web自动化项目
  • ¥15 腾讯云如何建立同一个项目中物模型之间的联系
  • ¥30 VMware 云桌面水印如何添加
  • ¥15 用ns3仿真出5G核心网网元