Add SSL context configuration

[thijsc]

MongoDB offers a possibility to use SSL client certificates and to use the root CA to verify hosts. This change makes these settings accessible from the config by passing a Hash instead of a boolean to the SSL option.

This patch is heavily inspired by dc21475

[thijsc]

I've been looking at how to add tests for the SSL socket. There's currently no test for the whole class. Happy to write one, but is this by design maybe?

[coveralls]

Coverage decreased (-0.68%) when pulling 9983f68 on appsignal:ssl_options into 2d92a6b on mongoid:master.

[thijsc]

Any chance somebody from the core team could reply to my question or merge this?

[taemon1337]

I was trying to use this patch but was unable to get it working until I modded the Moped::Protcol::Commands::Authenticate class to set the Mongo authentication mechanism.

This patch was used in addition to the one this pull request suggests. You will also need to set the password field in the mongoid config to 'MONGODB-X509'.

module Moped
  module Protocol
    module Commands
      class Authenticate
        MECHANISM='MONGODB-X509'.freeze

        def initialize(database, username, password, nonce=nil)
          if password == MECHANISM
            super("$external", build_x509_command(username))
          else
            super(database, build_auth_command(username, password, nonce))
           end
        end
      end

      def build_x509_command(username)
        { authenticate: 1, user: username, mechanism: MECHANISM }
      end
    end
  end
end