使用Perl的Mongodb的SSL连接问题

时间:2018-07-03 16:16:33

标签: mongodb perl ssl

我正在尝试使用Perl脚本连接Mongodb服务器(使用SSL),但连接失败。

源代码:

use strict;

use IO::Socket::SSL;
use MongoDB;
use MongoDB::OID;

my $client = MongoDB::MongoClient->new(
    host => 'mongodb://username:password@ip_address1:port_number, ip_address2:port_number,ip_address3:port_number/myDB?ssl=true&replicaSet=mongo123',
    ssl  => {
        SSL_ca_file   => " certificates/chain_prod.pem",
        SSL_cert_file => " certificates/cert.pem",
    },
    auth_mechanism => "MONGODB-X509",
    username       => " CN=XXXXXXXXXXX,OU=XXXXXXXX,O=XXXXXXX,ST=XXXXXXXXXX,C=XX ",
    # using openssl x509 -in certs/client.pem -inform PEM -subject -nameopt RFC2253
);

my $db       = $client->get_database( "mydb" );
my $coll     = $db->get_collection( "customers" );
my $messages = $coll->find;

while ( my $msg = $messages->next ) {
    print $msg;
}

错误

  

NPP_EXEC:“运行Perl”
  NPP_SAVE:C:\ Users \ royabhix \ Desktop \ perl_program \ MysqlDataBaseConnection.pl
  CD:C:\ Users \ royabhix \ Desktop \ perl_program
  当前目录:C:\ Users \ royabhix \ Desktop \ perl_program
  C:\ perl64 \ bin \ perl“ MysqlDataBaseConnection.pl”
  流程已开始(PID = 11400)>>>
  MongoDB :: UsageError:在(eval 595)行291处的MONGODB-X509凭据中的字段密码无效。
  MongoDB :: _ Credential :: new(undef,“ mechanism”,“ MONGODB-X509”,“ mechanism_properties”,HASH(0x5935f10),“ username”,“ user123”,“ password”,...)在C:/调用Perl64 / site / lib / MongoDB / MongoClient.pm第1181行
  在(eval 450)第21行调用的MongoDB :: MongoClient :: _ build__credential(MongoDB :: MongoClient = HASH(0x594db50))
  MongoDB :: MongoClient :: _ credential(MongoDB :: MongoClient = HASH(0x594db50))在C:/Perl64/site/lib/MongoDB/MongoClient.pm行1149调用
  在(eval 446)第21行调用的MongoDB :: MongoClient :: _ build__topology(MongoDB :: MongoClient = HASH(0x594db50))
  MongoDB :: MongoClient :: _ topology(MongoDB :: MongoClient = HASH(0x594db50))在C:/Perl64/site/lib/MongoDB/MongoClient.pm第1291行调用
  在(eval 590)第1014行调用的MongoDB :: MongoClient :: BUILD(MongoDB :: MongoClient = HASH(0x594db50),HASH(0x62e87f8))
  MongoDB :: MongoClient :: new(undef,“ host”,“ mongodb:// username1:password123 \ @ip_address:port_number,1” ...,“ ssl”,HASH(0xa5dc68),“ auth_mechanism”,“ MONGODB- X509“,”用户名“,...)在MysqlDataBaseConnection.pl第4行调用
  <<<处理完成(PID = 11400)。 (退出代码255)

     

================ READY ===============

没有SSL(Mongodb + Perl):

use MongoDB ();
use Data::Dumper qw(Dumper);

my $client = MongoDB::MongoClient->new(host => 'localhost', port => 27017);

my $db   = $client->get_database( 'mydb');

my $messages_coll = $db->get_collection('customers');

my $messages = $messages_coll->find;
while (my $p = $messages->next) {
    print Dumper $p;
}

输出:

NPP_EXEC: "Run Perl"
NPP_SAVE: C:\Users\royabhix\Desktop\perl_program\MongoDBConnection.pl
CD: C:\Users\royabhix\Desktop\perl_program
Current directory: C:\Users\royabhix\Desktop\perl_program
C:\perl64\bin\perl "MongoDBConnection.pl"
Process started (PID=16796) >>>
$VAR1 = {
          'password' => 'intel123',
          'username' => 'rpn',
          '_id' => bless( {
                          'value' => '5b3b96ea7517d164f102d614'
                        }, 'MongoDB::OID' )
        };
$VAR1 = {
          '_id' => bless( {
                          'value' => '5b3b96f27517d164f102d615'
                        }, 'MongoDB::OID' ),
          'username' => 'faizkhax',
          'password' => 'intel456'
        };
$VAR1 = {
          '_id' => bless( {
                          'value' => '5b3b96f27517d164f102d616'
                        }, 'MongoDB::OID' ),
          'username' => 'kunal',
          'password' => 'intel789'
        };
<<< Process finished (PID=16796). (Exit code 0)
================ READY ================

由于此处未应用SSL,因此上述代码段工作正常。

但是我想在SSL中使用相同的代码。

任何帮助将不胜感激。预先谢谢你

1 个答案:

答案 0 :(得分:1)

您的错误消息来自以下行: https://metacpan.org/source/MONGODB/MongoDB-v2.0.0/lib/MongoDB/_Credential.pm#L211

如果您研究上面的代码,则会发现它取决于:

'MONGODB-X509' => {
    password             => sub { ! length },
    source               => sub { $_ eq '$external' },
    mechanism_properties => sub { !keys %$_ },
},

这意味着您在使用MONGODB-X509身份验证方案时,不应提供密码,因为如果存在密码,sub { ! length }将触发并生成错误。

我猜想密码是在host参数中从您的URL中删除的,所以尝试使用:

host => 'mongodb://username@ip_address1:port_number, ip_address2:port_number,ip_address3:port_number/myDB?ssl=true&replicaSet=mongo123'

(如果使用证书,用户名本身实际上可能是无关紧要的)

https://metacpan.org/pod/MongoDB::MongoClient#MONGODB-X509-(for-SSL-client-certificate)上的手册页给出了以下示例:

my $mc = MongoDB::MongoClient->new(
    host => "mongodb://sslmongo.example.com/",
    ssl => {
        SSL_ca_file   => "certs/ca.pem",
        SSL_cert_file => "certs/client.pem",
    },
    auth_mechanism => "MONGODB-X509",
    username       => "CN=XXXXXXXXXXX,OU=XXXXXXXX,O=XXXXXXX,ST=XXXXXXXXXX,C=XX"
);

顺便说一句,确切地说,这不是TLS(比SSL更好的名称)问题,它是与使用X.509证书进行身份验证有关的问题。

相关问题
最新问题