changes from comments

elixir-mongo · Nov 4, 2018 · 9b1557d · 9b1557d
1 parent 014f939
commit 9b1557d
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 9 deletions.
diff --git a/examples/aws_x509.ex b/examples/aws_x509.ex
@@ -0,0 +1,19 @@
+defmodule AWSX509.Example do
+  def connect do
+    cert_dir = "/home/username/certs/"
+    {:ok, conn} = Mongo.start_link(
+      database: "database",
+      hostname: "mongodb.company.com",
+      username: "CN=username,OU=unit,O=company,L=Location,ST=State,C=US",
+      password: "foo",  # needs a dummy string. but would be nice if it could ignore this for X509
+      ssl: true,
+      auth_mechanism: :x509,
+      ssl_opts: [
+        ciphers: ['AES256-GCM-SHA384'],  # needed to connect to AWS
+        cacertfile: Path.join([cert_dir, "rootca.pem"]),
+        certfile: Path.join([cert_dir, "mycert.pem"])
+      ]
+    )
+    conn
+  end
+end
diff --git a/lib/mongo/auth.ex b/lib/mongo/auth.ex
@@ -39,7 +39,7 @@ defmodule Mongo.Auth do
     if username && password, do: auth ++ [{username, password}], else: auth
   end
 
-  defp mechanism(%{wire_version: version, auth_mechanism: "MONGODB-X509"}) when version >= 3,
+  defp mechanism(%{wire_version: version, auth_mechanism: :x509}) when version >= 3,
     do: Mongo.Auth.X509
   defp mechanism(%{wire_version: version}) when version >= 3,
     do: Mongo.Auth.SCRAM

diff --git a/lib/mongo/protocol.ex b/lib/mongo/protocol.ex
@@ -90,7 +90,6 @@ defmodule Mongo.Protocol do
   defp ssl(%{socket: {:gen_tcp, sock}} = s, opts) do
     host      = (opts[:hostname] || "localhost") |> to_charlist
     ssl_opts = Keyword.put_new(opts[:ssl_opts] || [], :server_name_indication, host)
-    ssl_opts = Keyword.put_new(ssl_opts, :ciphers, ['AES256-GCM-SHA384'])
     case :ssl.connect(sock, ssl_opts, s.connect_timeout_ms) do
       {:ok, ssl_sock} ->
         {:ok, %{s | socket: {:ssl, ssl_sock}}}

diff --git a/lib/mongo/protocol/utils.ex b/lib/mongo/protocol/utils.ex
@@ -15,14 +15,14 @@ defmodule Mongo.Protocol.Utils do
   end
 
   def command(id, command, s) do
-    op = case command do
-      [authenticate: 1, user: _username, mechanism: "MONGODB-X509"] ->
-        op_query(coll: namespace("$cmd", nil, "$external"), query: BSON.Encoder.document(command),
-                  select: "", num_skip: 0, num_return: 1, flags: [])
-      _command ->
-        op_query(coll: namespace("$cmd", s, nil), query: BSON.Encoder.document(command),
-                  select: "", num_skip: 0, num_return: 1, flags: [])
+    ns =
+      if Keyword.get(command, :mechanism) == "MONGODB-X509" && Keyword.get(command, :authenticate) == 1 do
+        namespace("$cmd", nil, "$external")
+      else
+        namespace("$cmd", s, nil)
     end
+    op = op_query(coll: ns, query: BSON.Encoder.document(command),
+                  select: "", num_skip: 0, num_return: 1, flags: [])
     case message(id, op, s) do
       {:ok, op_reply(docs: docs)} ->
         case BSON.Decoder.documents(docs) do