Hi,
For TLS connections to mongo it is common to require a client certificate that is requested by the mongo server. I got this working by making the following change to the connect function in the Transport.TLS module.
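```haskell
{-# LANGUAGE RecursiveDo #-}  -- needed for the `rec` block below
import Data.Maybe (fromMaybe)

connect :: Maybe TLS.ClientParams -> HostName -> PortID -> IO Pipe
connect clientParams host port = bracketOnError (connectTo host port) hClose $ \handle -> do
  -- Defaults used when the caller passes Nothing. The onServerCertificate hook
  -- here returns no failures, so the server certificate is not validated.
  let params = (TLS.defaultParamsClient host "")
        { TLS.clientSupported = def
            { TLS.supportedCiphers = TLS.ciphersuite_default }
        , TLS.clientHooks = def
            { TLS.onServerCertificate = \_ _ _ _ -> return [] }
        }
  -- Caller-supplied params, when given, replace the defaults entirely.
  context <- TLS.contextNew handle (fromMaybe params clientParams)
  TLS.handshake context

  conn <- tlsConnection context
  rec
    p <- newPipeWith sd conn
    sd <- access p slaveOk "admin" retrieveServerData
  return p
```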
It simply adds an optional parameter for ClientParams, allowing the caller to set up whatever TLS configuration is needed.
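As an added example (not part of the original post or of the mongoDB package), this is one way a caller could build the `ClientParams` to pass to the modified `connect`: it presents a client certificate when the server requests one and leaves `onServerCertificate` at the tls library default, so the server certificate is validated against the given CA store. `mkClientParams`, the module name, the file arguments and the host in the usage comment are hypothetical; the code assumes the `tls`, `x509-store` and `data-default-class` packages.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module MongoTlsParams (mkClientParams) where

import Data.Default.Class (def)
import Data.X509.CertificateStore (readCertificateStore)
import qualified Network.TLS as TLS
import qualified Network.TLS.Extra.Cipher as TLS

-- | Build ClientParams for a server that requests a client certificate.
-- caFile, certFile and keyFile are PEM files supplied by the caller
-- (hypothetical arguments, not names from the post).
mkClientParams :: String -> FilePath -> FilePath -> FilePath -> IO TLS.ClientParams
mkClientParams host caFile certFile keyFile = do
  -- Client certificate chain and private key.
  cred <- either (\e -> fail ("cannot load client credential: " ++ e)) return
            =<< TLS.credentialLoadX509 certFile keyFile
  -- CA certificates the server certificate must chain to.
  store <- maybe (fail ("cannot read CA file: " ++ caFile)) return
             =<< readCertificateStore caFile
  let base = TLS.defaultParamsClient host ""
  return base
    { TLS.clientSupported = def { TLS.supportedCiphers = TLS.ciphersuite_default }
      -- Trust only the supplied CA store for server validation.
    , TLS.clientShared = def { TLS.sharedCAStore = store }
      -- onServerCertificate is left at its default, so the server
      -- certificate is checked; only the certificate-request hook changes.
    , TLS.clientHooks = def
        { TLS.onCertificateRequest = \_ -> return (Just cred) }
    }

-- Usage with the connect signature from the post (constructed host name):
--   params <- mkClientParams "db.example.internal" "ca.pem" "client.pem" "client.key"
--   pipe   <- connect (Just params) "db.example.internal" (PortNumber 27017)
```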