Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only inject certifi certificates on Windows if using TLS #71

Closed
prashantmital opened this issue May 6, 2020 · 2 comments · Fixed by #72
Closed

Only inject certifi certificates on Windows if using TLS #71

prashantmital opened this issue May 6, 2020 · 2 comments · Fixed by #72

Comments

@prashantmital
Copy link
Contributor

Currently, we always end up passing tlsCAFile=certifi.where() on windows which ends up implicitly enabling TLS even if the server is running without it. The error looks like this:

======================================================================
ERROR: test_simple (astrolabe.validator.ValidateWorkloadExecutor)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabe\validator.py", line 45, in setUp
    load_test_data(self.CONNECTION_STRING, DRIVER_WORKLOAD)
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabe\utils.py", line 140, in load_test_data
    coll.drop()
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabevenv\lib\site-packages\pymongo\collection.py", line 1103, in drop
    dbo.drop_collection(self.__name, session=session)
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabevenv\lib\site-packages\pymongo\database.py", line 914, in drop_collection
    with self.__client._socket_for_writes(session) as sock_info:
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabevenv\lib\site-packages\pymongo\mongo_client.py", line 1266, in _socket_for_writes
    server = self._select_server(writable_server_selector, session)
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabevenv\lib\site-packages\pymongo\mongo_client.py", line 1253, in _select_server
    server = topology.select_server(server_selector)
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabevenv\lib\site-packages\pymongo\topology.py", line 235, in select_server
    address))
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabevenv\lib\site-packages\pymongo\topology.py", line 193, in select_servers
    selector, server_timeout, address)
  File "c:\data\mci\8a509a3df3bdd3bf029acf5b0edc5187\astrolabe-src\astrolabevenv\lib\site-packages\pymongo\topology.py", line 209, in _select_servers_loop
    self._error_message(selector))
pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: localhost:27017: [WinError 10054] An existing connection was forcibly closed by the remote host

Instead, we can use a try...except block to only inject the CA cert file on SSL failures.
@prashantmital
Copy link
Contributor Author

Caused by #26

@prashantmital
Copy link
Contributor Author

This is causing EVG failures on Windows with the workload executor validation task - see https://evergreen.mongodb.com/version/5eb26cfb3627e04b03ed0da8.

This was referenced May 6, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@prashantmital