-
-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ENAMETOOLONG sslCA breaking change #10705
Comments
I have the same exact problem, I need to include the const connectionOptions = {
ssl: true,
sslValidate: true,
sslCA: await fs.readFile('./rds-combined-ca-bundle.pem'),
}; Node: 14.17.6 |
This is how we have temporarily worked around the issue if it is of any use to you. const writeSslDetailsToFiles = (sslCa, sslKey, sslCert) => {
const sslCALocation = './certificates/sslCA.pem';
const sslKeyLocation = './certificates/sslKey.pem';
const sslCertLocation = './certificates/sslCert.pem';
fs.writeFileSync(sslCALocation, sslCa);
fs.writeFileSync(sslKeyLocation, sslKey);
fs.writeFileSync(sslCertLocation, sslCert);
return {
sslCALocation,
sslKeyLocation,
sslCertLocation,
};
};
const createDbOptions = async (sslCa, sslKey, sslCert) => {
const {
sslCALocation,
sslKeyLocation,
sslCertLocation,
} = writeSslDetailsToFiles(sslCa, sslKey, sslCert);
return {
autoIndex: true,
ssl: true,
sslCA: sslCALocation,
sslValidate: true,
sslKey: sslKeyLocation,
sslCert: sslCertLocation,
};
}; |
I suspect if you do the following it'll start working for you: > const connectionOptions = {
> ssl: true,
> sslValidate: true,
> sslCA: './rds-combined-ca-bundle.pem',
> }; However it is a workaround... |
Uhm, so essentially you are just passing the path to the |
Yea that seems to be the new behaviour, yet to find out if it is staying or going. |
yeah that worked for me, thanks @SamFarrington! |
For us the insight to forward as But connecting to DocDB is still not possible. I could narrow it down to a trouble with the node-mongodb-native version: 3.7.1 is working just fine, everything of v4 (I tested 4.0.0 and 4.1.2) leads to ENAMETOOLONG. How did you come around that issue, @darkmavis1980? |
@mil7 I can connect just fine, using engine v4 for AWS DocumentDB, the only thing I do is to fetch the AWS RDS certificate and save it in the docker container where I run the application, then I just set the |
Thank you @SamFarrington ! |
We now prefer the `tls` variants of SSL/TLS options. For now, we detect these and translate them internally to the old option names. Documentation has been updated to prefer these types, and mention that the `sslVariants` are deprecated NODE-2359
Hi all, when injecting the path instead of its content I get the following error: any idea? |
I'm experiencing this too. My use case is that I want to pass the certificate to serverless functions via an environment variable. Writing the cert to a temporary file is inefficient because I'd have to do this each time a function is invoked. |
The behaviour of |
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
There appears to be an undocumented breaking change from Mongoose 5 to 6.
Since upgrading to Mongoose 6, when setting up an SSL connection to the db, we have started getting an ENAMETOOLONG error:
Our
options
are as follows:Where
sslCA
,sslKey
andsslCert
are the string values of the relevant certificates and keys.The error message is implying that the code under the hood is trying to read a file with the name of the supplied value, which isn't how things previously worked in version 5.
Indeed, on the Mongoose documentation itself says to supply the contents of the file:
https://mongoosejs.com/docs/tutorials/ssl.html#ssl-validation
We have currently worked around the issue by writing the contents of those values to a file and passing the file path, which is working.
It does seem like a bug however as I can't find any mention of this in the release notes and the documentation example will no longer work.
There was a bug raised here which seemed to also hit the issue:
#10488
It was closed but there was no explanation as to when this behaviour changed, whether it was intentional and why the documentation didn't match the implementation.
What is the expected behavior?
For the options object to accept ssl details as strings, as they did prior to version 6.
What are the versions of Node.js, Mongoose and MongoDB you are using? Note that "latest" is not a version.
Node: 12.22.6
Mongoose: 6.0.5
MongoDB: 4.0.10
The text was updated successfully, but these errors were encountered: