@Maksym, This seems like something we should fix. Would updating the Mongo client solve this? Best, — C
> On Jul 15, 2025, at 13:18, Rumar, Maksym <[email protected]> wrote: > > I've checked the MongoDB Client(mongodb-driver-sync:4.11.1) source code that > Drill uses and found that the client actually doesn't support either > 'tlsallowinvalidcertificates' or 'tlscertificatekeyfile'. > > In theory, you can try to use the following Java system options: > 'javax.net.ssl.trustStore', 'javax.net.ssl.trustStorePassword', > 'javax.net.ssl.trustStoreType' to let the MongoDB client pick up the SSL > certificate you need. > ________________________________ > Від: Daniel Goolsby <[email protected] <mailto:[email protected]>> > Надіслано: 15 липня 2025 р. 17:41 > Кому: [email protected] <mailto:[email protected]> > <[email protected] <mailto:[email protected]>> > Тема: Re: mongo server with 3rd party certs > > I specified tlsCertificateKeyFile=/path/client.pem, but in the drill debug > output it just shows: > > time [something] WARN org.mongodb.driver.uri - Connection string contains > unsupported option 'tlscertificatekeyfile' > time [something] WARN org.mongodb.driver.uri - Connection string contains > unsupported option 'tlsallowinvalidcertifcates' > > my connection string indeed has the case sensitive names in there, the log > just lowercases them. > > it seems like the connection string doesn't allow or isn't parsing those > values. > > > > On Tue, Jul 15, 2025 at 8:52 AM Rumar, Maksym <[email protected]> > wrote: > >> Hi Daniel, >> >> You mentioned that you tried to use ssl option in the connection string. >> You can also use various other options to specify the client certificate >> and root certificate of the MongoDB: >> >> https://urldefense.com/v3/__https://www.mongodb.com/docs/manual/reference/connection-string-options/*connection-options__;Iw!!NpxR!gPiXDMAbffgXF3U-nmdc5DMI66wOGvnzenmo-R7xJ1_MwyyAXQJpDwHztdPuDbM89HZpfa3wZhCT--8VVkC9tnA$ >> >> MongoDB connection string has a bunch of options to configure TLS/SSL >> connection: >> >> * >> tlsCAFile >> * >> tlsCertificateKeyFile >> * >> * >> tlsCertificateKeyFilePassword >> >> Try to use them. Also, for debugging and testing purposes, you can try to >> disable some validations: >> >> * >> tlsAllowInvalidCertificates >> * >> * >> tlsAllowInvalidHostnames >> * >> * >> tlsInsecure >> >> Regards, >> Maksym >> >> ________________________________ >> Від: Daniel Goolsby <[email protected]> >> Надіслано: 15 липня 2025 р. 16:01 >> Кому: [email protected] <[email protected]> >> Тема: mongo server with 3rd party certs >> >> I'm realy new to apache drill, hoping that it can suit my needs. quick >> brief: i'm trying to use apache superset > drill > mongo.. I have a working >> mongo cluster with dns srv records that work for fine for being fed with >> telegraf, ansible, misc other clients. I'm coming up short trying to >> configure the Mongo storage plugin for drill for my cluster that uses 3rd >> party server certs with client ssl trust from trusted ca's. >> >> I've tried just using ssl=true in my connection string, but i need to be >> able to provide a custom client cert. >> >> from the docs: >> >> https://urldefense.com/v3/__https://drill.apache.org/docs/mongodb-storage-plugin/__;!!NpxR!gNKkG4YnZ66fgN11--ccTbttezRRNtIDFNY6Y8wXjfcPI7JpTnmh2JJKT465k4eCerKnC4zYCQnMXhuplC1B2O0$ >> >> it says i should be able to use the standard connection string format - but >> those options aren't valid. I know java things like keytool exist, so i've >> tried setting various JAVA_OPTS to create/specify keystores and >> truststores, but I cannot seem to get drill to try ssl on the mongo >> connection. >> >> the mongo server logs just hint that the connection only supports ssl, >> failing whatever client connection that drill is trying to make. >> >> any suggestions? >> >> -- >> --daniel >> -- >> > > > -- > --daniel > --
signature.asc
Description: Message signed with OpenPGP
