From c7f80a402b1d6ee4e0969ee9b18a4203cfff223b Mon Sep 17 00:00:00 2001 From: Mike Woofter <108414937+mongoKart@users.noreply.github.com> Date: Mon, 26 Aug 2024 14:53:35 -0500 Subject: [PATCH 1/5] first draft --- snooty.toml | 1 + source/connect/tls.txt | 267 ++++++++++++++++++ source/includes/connect/ca-dir.php | 11 + source/includes/connect/ca-file-tabs.rst | 23 ++ source/includes/connect/client-cert-tabs.rst | 23 ++ source/includes/connect/compression-tabs.rst | 18 ++ source/includes/connect/crl-file.php | 11 + source/includes/connect/crl-tabs.rst | 23 ++ .../connect/disable-cert-validation-tabs.rst | 23 ++ .../disable-host-verification-tabs.rst | 23 ++ source/includes/connect/insecure-tls-tabs.rst | 23 ++ source/includes/connect/key-file-password.rst | 24 ++ source/includes/connect/ocsp-tabs.rst | 23 ++ source/includes/connect/tls-tabs.rst | 22 ++ source/reference/class/MongoDBClient.txt | 2 + 15 files changed, 517 insertions(+) create mode 100644 source/connect/tls.txt create mode 100644 source/includes/connect/ca-dir.php create mode 100644 source/includes/connect/ca-file-tabs.rst create mode 100644 source/includes/connect/client-cert-tabs.rst create mode 100644 source/includes/connect/compression-tabs.rst create mode 100644 source/includes/connect/crl-file.php create mode 100644 source/includes/connect/crl-tabs.rst create mode 100644 source/includes/connect/disable-cert-validation-tabs.rst create mode 100644 source/includes/connect/disable-host-verification-tabs.rst create mode 100644 source/includes/connect/insecure-tls-tabs.rst create mode 100644 source/includes/connect/key-file-password.rst create mode 100644 source/includes/connect/ocsp-tabs.rst create mode 100644 source/includes/connect/tls-tabs.rst diff --git a/snooty.toml b/snooty.toml index c97fe021..6968a134 100644 --- a/snooty.toml +++ b/snooty.toml 
@@ -27,3 +27,4 @@ php-library = "MongoDB PHP Library" php-library = "MongoDB PHP Library" mdb-server = "MongoDB Server" api = "https://www.mongodb.com/docs/php-library/current/reference" +mdb-servewr = "MongoDB Server" diff --git a/source/connect/tls.txt b/source/connect/tls.txt new file mode 100644 index 00000000..d2bc6a97 --- /dev/null +++ b/source/connect/tls.txt 
@@ -0,0 +1,267 @@ +.. _php-tls: + +======================================== +Configure Transport Layer Security (TLS) +======================================== + +.. contents:: On this page + :local: + :backlinks: none + :depth: 2 + :class: singlecol + +.. facet:: + :name: genre + :values: reference + +.. meta:: + :keywords: security, authentication, transport layer security, encrypt + +Overview +-------- + +In this guide, you can learn how to use the :wikipedia:`TLS ` +protocol to secure your connection to a MongoDB deployment. + +When you enable TLS for a connection, the {+driver-short+} performs the following actions: + +- Uses TLS to connect to the MongoDB deployment +- Verifies the deployment's certificate +- Ensures that the certificate certifies the deployment + +To learn how to configure your MongoDB deployment for TLS, see the +:manual:`TLS configuration guide ` in the +{+mdb-server+} manual. + +.. note:: + + This page assumes prior knowledge of TLS/SSL and access to valid certificates. + A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, and + Certificate Authorities (CAs) is beyond the scope of this documentation. + +.. tip:: + + The {+driver-short+} delegates most TLS behavior to the MongoDB C Driver. + For information about how the C driver handles TLS, including configuration steps + and expected behavior, see + `Configuring TLS `__ + in the C driver Documentation. + +.. _php-enable-tls: + +Enable TLS +---------- + +To enable TLS for the connection to your MongoDB instance, set the ``tls`` connection +option to ``true``. You can do this in two ways: by using the ``uriOptions`` parameter +of the ``MongoDB\Client`` constructor or through a parameter in your connection string. + +.. include:: /includes/connect/tls-tabs.rst + +.. tip:: + + If your connection string includes the ``+srv`` modification, which specifies the + SRV connection format, TLS is enabled on your connection by default. 
+ + To learn more about the SRV connection format, see + :manual:`SRV Connection Format ` + in the {+mdb-server+} documentation. + +.. _php-specify-ca-file: + +Specify a CA File +------------------ + +During the TLS handshake, the MongoDB deployment presents a certificate key file to your +application to establish its identity. Usually, a deployment's certificate has been +signed by a well-known CA, and your application relies on this CA to validate the certificate. + +During testing, however, you might want to act as your own CA. +In this case, you must instruct {+driver-short+} to +use your CA certificates instead of ones signed by another CA. + +To do so, use the ``tlsCAFile`` connection option to specify the path to a ``.pem`` file +containing the root certificate chain. +You can do this in two ways: by using the ``uriOptions`` parameter +of the ``MongoDB\Client`` constructor or through a parameter in your connection string. + +.. include:: /includes/connect/ca-file-tabs.rst + +.. _php-specify-ca-directory: + +Specify a CA Directory +~~~~~~~~~~~~~~~~~~~~~~ + +If you are using OpenSSL or LibreSSL (``libtls``) for TLS support, you can also use +the ``ca_dir`` option to instruct +the {+driver-short+} to search for a CA file within a directory. The driver searches this +directory if it doesn't find a CA file at the path specified in the ``tlsCAFile`` option. + +The following code example shows how to use the ``driverOptions`` parameter to specify the +``ca_dir`` option: + +.. literalinclude:: /includes/connect/ca-dir.php + :language: php + :copyable: true + +.. tip:: + + This option corresponds to the OpenSSL + `SSL_CTX_load_verify_locations `__ + parameter and + the LibreSSL `tls_config_set_ca_path `__ + parameter. + +.. _php-certificate-revocation: + +Check Certificate Revocation +---------------------------- + +When an X.509 certificate is no longer trustworthy—for example, if its private key +has been compromised—the CA revokes the certificate. 
The {+driver-short+} includes two ways +to check whether a server's certificate has been revoked. + +.. _php-disable-ocsp: + +OCSP +~~~~ + +The Online Certificate Status Protocol (OCSP) process varies depending on the version of +{+mdb-server+} you're connecting to: + +- **MongoDB v4.4 or later:** The server staples a + time-stamped OCSP response to its certificate. The {+driver-short+} validates the certificate + against the OCSP response. If the CA has revoked the certificate, or if the OCSP response + is otherwise invalid, the TLS handshake fails. +- **MongoDB v4.3 or earlier:** The server supplies an OCSP endpoint, which the {+driver-short+} + contacts directly. The {+driver-short+} then validates the certificate against the OCSP + response. If the CA hasn't revoked the certificate, the TLS handshake continues, even if + the OCSP response is invalid or malformed. + +To stop the {+driver-short+} from contacting the OCSP endpoint, set the +``tlsDisableOCSPEndpointCheck`` connection option to ``true``. +You can do this in two ways: by passing an argument to the +``MongoDB\Client`` constructor or through a parameter in your connection string. + +.. include:: /includes/connect/ocsp-tabs.rst + +.. note:: + + Even if the ``tlsDisableOCSPEndpointCheck`` option is set to ``true``, {+driver-short+} + still verifies any OCSP response stapled to a server's certificate. + +.. _php-crl: + +Certificate Revocation List +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Instead of using OCSP, you can use the instruct the {+driver-short+} +to check the server's certificate +against a Certificate Revocation List (CRL) published by the CA. To do so, set the +``crl_file`` option to the file path of the CRL. Include this option in the +``driverOptions`` parameter of the ``MongoDB\Client`` constructor, as shown +in the following code example: + +.. literalinclude:: /includes/connect/crl-file.php + :language: php + :copyable: true + +.. 
tip:: + + You can specify a CRL file in either the ``.pem`` or ``.der`` format. + +.. _php-client-cert: + +Present a Client Certificate +---------------------------- + +Some MongoDB deployments require every connecting application to present a client certificate +that proves its identity. To specify the client certificate for the {+driver-short+} to +present, set the ``tleCertificateKeyFile`` option to the file path of the ``.pem`` file that +contains your certificate and private key. + +You can do this in two ways: by using the ``uriOptions`` parameter +of the ``MongoDB\Client`` constructor or through a parameter in your connection string. + +.. include:: /includes/connect/client-cert-tabs.rst + +.. important:: + + Your client certificate and private key must be in the same ``.pem`` file. If they + are stored in different files, you must concatenate them. The following example + shows how to concatenate a key file and a certificate file into a third file called + ``combined.pem`` on a Unix system: + + .. code-block:: sh + + $ cat key.pem cert.pem > combined.pem + +.. _php-key-file-password: + +Provide a Key Password +~~~~~~~~~~~~~~~~~~~~~~ + +If the private key in your certificate file is encrypted, you must use the +``tlsCertificateKeyFilePassword`` option to provide the password. +You can do this in two ways: by using the ``uriOptions`` parameter +of the ``MongoDB\Client`` constructor or through a parameter in your connection string. + +.. include:: /includes/connect/key-file-password.rst + +.. _php-insecure-tls: + +Allow Insecure TLS +------------------ + +When TLS is enabled, the {+driver-short+} automatically verifies the certificate that +the server presents. When testing your code, you can disable this verification. +This is known as *insecure TLS.* + +When insecure TLS is enabled, the driver requires only that the server present an +X.509 certificate. 
The driver accepts a certificate even if any of the following are +true: + +- The hostname of the server and the subject name (or subject alternative name) + on the certificate don't match. +- The certificate is expired or not yet valid. +- The certificate doesn't have a trusted root certificate in the chain. +- The certificate purpose isn't valid for server identification. + +.. note:: + + Even when insecure TLS is enabled, communication between the client and server + is encrypted with TLS. + +To enable insecure TLS, set the ``tlsInsecure`` connection +option to ``true``. You can do this in two ways: by passing an argument to the +``MongoDB\Client`` constructor or through a parameter in your connection string. + +.. include:: /includes/connect/insecure-tls-tabs.rst + +To disable only certificate validation, set the ``tlsAllowInvalidCertificates`` option to +``true``, and set the ``tlsInsecure`` option to ``false`` or omit it: + +.. include:: /includes/connect/disable-cert-validation-tabs.rst + +To disable only hostname verification, set the ``tlsAllowInvalidHostnames`` option to +``true``, and set the ``tlsInsecure`` option to ``false`` or omit it: + +.. include:: /includes/connect/disable-host-verification-tabs.rst + +.. warning:: Don't Use in Production + + Always set the ``tlsInsecure``, ``tlsAllowInvalidCertificates``, and + ``tlsAllowInvalidHostnames`` options to ``false`` in production. + + Setting any of these options to ``true`` in a production environment makes + your application insecure and potentially + vulnerable to expired certificates and to foreign processes posing + as valid client instances. + +API Documentation +----------------- + +To learn more about configuring TLS for the {+driver-short+}, +see the following API documentation: + +- :ref:`MongoDB\\Client ` \ No newline at end of file diff --git a/source/includes/connect/ca-dir.php b/source/includes/connect/ca-dir.php new file mode 100644 index 00000000..3618529b --- /dev/null 
+++ b/source/includes/connect/ca-dir.php @@ -0,0 +1,11 @@ +$uri = "mongodb://:"; + +$uriOptions = [ + 'tls' => true, +]; + +$driverOptions = [ + 'ca_dir' => '/path/to/search/' +]; + +$client = new MongoDB\Client($uri, $uriOptions, $driverOptions); diff --git a/source/includes/connect/ca-file-tabs.rst b/source/includes/connect/ca-file-tabs.rst new file mode 100644 index 00000000..ee99a567 --- /dev/null +++ b/source/includes/connect/ca-file-tabs.rst @@ -0,0 +1,23 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsCAFile' => '/path/to/ca.pem' + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsCAFile=/path/to/ca.pem"; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/includes/connect/client-cert-tabs.rst b/source/includes/connect/client-cert-tabs.rst new file mode 100644 index 00000000..56fd422c --- /dev/null +++ b/source/includes/connect/client-cert-tabs.rst @@ -0,0 +1,23 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsCertificateKeyFile' => '/path/to/client.pem' + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsCertificateKeyFile=/path/to/client.pem"; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/includes/connect/compression-tabs.rst b/source/includes/connect/compression-tabs.rst new file mode 100644 index 00000000..d4db3a23 --- /dev/null +++ b/source/includes/connect/compression-tabs.rst 
@@ -0,0 +1,18 @@ +.. tabs:: + + .. tab:: MongoClient + :tabid: mongoclient + + .. code-block:: python + + client = pymongo.MongoClient("mongodb://:@:", + compressors = "snappy,zstd,zlib") + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: python + + uri = ("mongodb://:@:/?" + "compressors=snappy,zstd,zlib") + client = pymongo.MongoClient(uri) \ No newline at end of file diff --git a/source/includes/connect/crl-file.php b/source/includes/connect/crl-file.php new file mode 100644 index 00000000..1a37b5e2 --- /dev/null +++ b/source/includes/connect/crl-file.php @@ -0,0 +1,11 @@ +$uri = "mongodb://:"; + +$uriOptions = [ + 'tls' => true, +]; + +$driverOptions = [ + 'crl_file' => '/path/to/file.pem' +]; + +$client = new MongoDB\Client($uri, $uriOptions, $driverOptions); diff --git a/source/includes/connect/crl-tabs.rst b/source/includes/connect/crl-tabs.rst new file mode 100644 index 00000000..2d1ec32a --- /dev/null +++ b/source/includes/connect/crl-tabs.rst @@ -0,0 +1,23 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsCRLFile' => '/path/to/crl.pem' + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsCRLFile=/path/to/crl.pem"; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/includes/connect/disable-cert-validation-tabs.rst b/source/includes/connect/disable-cert-validation-tabs.rst new file mode 100644 index 00000000..0417c1f8 --- /dev/null +++ b/source/includes/connect/disable-cert-validation-tabs.rst 
@@ -0,0 +1,23 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsAllowInvalidCertificates' => true + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsAllowInvalidCertificates=true"; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/includes/connect/disable-host-verification-tabs.rst b/source/includes/connect/disable-host-verification-tabs.rst new file mode 100644 index 00000000..a8ef4ab4 --- /dev/null +++ b/source/includes/connect/disable-host-verification-tabs.rst @@ -0,0 +1,23 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsAllowInvalidHostnames' => true + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsAllowInvalidHostnames=true"; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/includes/connect/insecure-tls-tabs.rst b/source/includes/connect/insecure-tls-tabs.rst new file mode 100644 index 00000000..2f541c2b --- /dev/null +++ b/source/includes/connect/insecure-tls-tabs.rst @@ -0,0 +1,23 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsInsecure' => true + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsInsecure=true"; + $client = MongoDB\Client($uri); \ No newline at end of file 
diff --git a/source/includes/connect/key-file-password.rst b/source/includes/connect/key-file-password.rst new file mode 100644 index 00000000..15f0c09b --- /dev/null +++ b/source/includes/connect/key-file-password.rst @@ -0,0 +1,24 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsCertificateKeyFile' => '/path/to/client.pem', + 'tlsCertificateKeyFilePassword' => '' + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsCertificateKeyFile=/path/to/client.pem&tlsCertificateKeyFilePassword="; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/includes/connect/ocsp-tabs.rst b/source/includes/connect/ocsp-tabs.rst new file mode 100644 index 00000000..fec5699e --- /dev/null +++ b/source/includes/connect/ocsp-tabs.rst @@ -0,0 +1,23 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true, + 'tlsDisableOCSPEndpointCheck' => true + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true&tlsDisableOCSPEndpointCheck=true"; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/includes/connect/tls-tabs.rst b/source/includes/connect/tls-tabs.rst new file mode 100644 index 00000000..bd9ae89f --- /dev/null +++ b/source/includes/connect/tls-tabs.rst 
@@ -0,0 +1,22 @@ +.. tabs:: + + .. tab:: MongoDB\Client + :tabid: mongoclient + + .. code-block:: php + + $uri = "mongodb://:"; + + $options = [ + 'tls' => true + ]; + + $client = new MongoDB\Client($uri, $options); + + .. tab:: Connection String + :tabid: connectionstring + + .. code-block:: php + + $uri = "mongodb://:/?tls=true"; + $client = MongoDB\Client($uri); \ No newline at end of file diff --git a/source/reference/class/MongoDBClient.txt b/source/reference/class/MongoDBClient.txt index d5145c65..502cf698 100644 --- a/source/reference/class/MongoDBClient.txt +++ b/source/reference/class/MongoDBClient.txt @@ -1,3 +1,5 @@ +.. _php-mongodb-client: + ===================== MongoDB\\Client Class ===================== From be8d2f0214300b7a75d491e75279c527ef603a2c Mon Sep 17 00:00:00 2001 From: Mike Woofter <108414937+mongoKart@users.noreply.github.com> Date: Mon, 26 Aug 2024 15:13:03 -0500 Subject: [PATCH 2/5] fixes --- snooty.toml | 3 ++- source/connect/tls.txt | 2 +- source/includes/connect/ca-file-tabs.rst | 2 +- source/includes/connect/client-cert-tabs.rst | 2 +- source/includes/connect/compression-tabs.rst | 18 ------------------ source/includes/connect/crl-tabs.rst | 2 +- .../connect/disable-cert-validation-tabs.rst | 2 +- .../connect/disable-host-verification-tabs.rst | 2 +- source/includes/connect/insecure-tls-tabs.rst | 2 +- source/includes/connect/key-file-password.rst | 2 +- source/includes/connect/ocsp-tabs.rst | 2 +- source/includes/connect/tls-tabs.rst | 2 +- 12 files changed, 12 insertions(+), 29 deletions(-) delete mode 100644 source/includes/connect/compression-tabs.rst diff --git a/snooty.toml b/snooty.toml index 6968a134..8d07c101 100644 --- a/snooty.toml +++ b/snooty.toml 
@@ -24,7 +24,8 @@ toc_landing_pages = [ php-library = "MongoDB PHP Library" [constants] + php-library = "MongoDB PHP Library" mdb-server = "MongoDB Server" api = "https://www.mongodb.com/docs/php-library/current/reference" -mdb-servewr = "MongoDB Server" +driver-short = "PHP library" diff --git a/source/connect/tls.txt b/source/connect/tls.txt index d2bc6a97..6ce10970 100644 --- a/source/connect/tls.txt +++ b/source/connect/tls.txt @@ -264,4 +264,4 @@ API Documentation To learn more about configuring TLS for the {+driver-short+}, see the following API documentation: -- :ref:`MongoDB\\Client ` \ No newline at end of file +- :ref:`MongoDB\Client ` \ No newline at end of file diff --git a/source/includes/connect/ca-file-tabs.rst b/source/includes/connect/ca-file-tabs.rst index ee99a567..b0b85bc8 100644 --- a/source/includes/connect/ca-file-tabs.rst +++ b/source/includes/connect/ca-file-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php diff --git a/source/includes/connect/client-cert-tabs.rst b/source/includes/connect/client-cert-tabs.rst index 56fd422c..961fc987 100644 --- a/source/includes/connect/client-cert-tabs.rst +++ b/source/includes/connect/client-cert-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php diff --git a/source/includes/connect/compression-tabs.rst b/source/includes/connect/compression-tabs.rst deleted file mode 100644 index d4db3a23..00000000 --- a/source/includes/connect/compression-tabs.rst +++ /dev/null 
@@ -1,18 +0,0 @@ -.. tabs:: - - .. tab:: MongoClient - :tabid: mongoclient - - .. code-block:: python - - client = pymongo.MongoClient("mongodb://:@:", - compressors = "snappy,zstd,zlib") - - .. tab:: Connection String - :tabid: connectionstring - - .. code-block:: python - - uri = ("mongodb://:@:/?" - "compressors=snappy,zstd,zlib") - client = pymongo.MongoClient(uri) \ No newline at end of file diff --git a/source/includes/connect/crl-tabs.rst b/source/includes/connect/crl-tabs.rst index 2d1ec32a..f0a63f9d 100644 --- a/source/includes/connect/crl-tabs.rst +++ b/source/includes/connect/crl-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php diff --git a/source/includes/connect/disable-cert-validation-tabs.rst b/source/includes/connect/disable-cert-validation-tabs.rst index 0417c1f8..bcdc0e76 100644 --- a/source/includes/connect/disable-cert-validation-tabs.rst +++ b/source/includes/connect/disable-cert-validation-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php diff --git a/source/includes/connect/disable-host-verification-tabs.rst b/source/includes/connect/disable-host-verification-tabs.rst index a8ef4ab4..db4b8d1b 100644 --- a/source/includes/connect/disable-host-verification-tabs.rst +++ b/source/includes/connect/disable-host-verification-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php diff --git a/source/includes/connect/insecure-tls-tabs.rst b/source/includes/connect/insecure-tls-tabs.rst index 2f541c2b..97600fbf 100644 --- a/source/includes/connect/insecure-tls-tabs.rst +++ b/source/includes/connect/insecure-tls-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php 
diff --git a/source/includes/connect/key-file-password.rst b/source/includes/connect/key-file-password.rst index 15f0c09b..2cb710c9 100644 --- a/source/includes/connect/key-file-password.rst +++ b/source/includes/connect/key-file-password.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php diff --git a/source/includes/connect/ocsp-tabs.rst b/source/includes/connect/ocsp-tabs.rst index fec5699e..1e393689 100644 --- a/source/includes/connect/ocsp-tabs.rst +++ b/source/includes/connect/ocsp-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php diff --git a/source/includes/connect/tls-tabs.rst b/source/includes/connect/tls-tabs.rst index bd9ae89f..1bb80731 100644 --- a/source/includes/connect/tls-tabs.rst +++ b/source/includes/connect/tls-tabs.rst @@ -1,6 +1,6 @@ .. tabs:: - .. tab:: MongoDB\Client + .. tab:: MongoDB\\Client :tabid: mongoclient .. code-block:: php From 16406cb2ac2dc74c762aa36df9f2e623e043cabc Mon Sep 17 00:00:00 2001 From: Mike Woofter <108414937+mongoKart@users.noreply.github.com> Date: Mon, 26 Aug 2024 15:14:48 -0500 Subject: [PATCH 3/5] fixes --- source/connect/tls.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/connect/tls.txt b/source/connect/tls.txt index 6ce10970..8f61d119 100644 --- a/source/connect/tls.txt +++ b/source/connect/tls.txt @@ -77,7 +77,7 @@ application to establish its identity. Usually, a deployment's certificate has b signed by a well-known CA, and your application relies on this CA to validate the certificate. During testing, however, you might want to act as your own CA. -In this case, you must instruct {+driver-short+} to +In this case, you must instruct the {+driver-short+} to use your CA certificates instead of ones signed by another CA. To do so, use the ``tlsCAFile`` connection option to specify the path to a ``.pem`` file 
@@ -147,7 +147,7 @@ You can do this in two ways: by passing an argument to the .. note:: - Even if the ``tlsDisableOCSPEndpointCheck`` option is set to ``true``, {+driver-short+} + Even if the ``tlsDisableOCSPEndpointCheck`` option is set to ``true``, the {+driver-short+} still verifies any OCSP response stapled to a server's certificate. .. _php-crl: From 9523c75b9c275420f3b4797770f3355a76e9943d Mon Sep 17 00:00:00 2001 From: Mike Woofter <108414937+mongoKart@users.noreply.github.com> Date: Tue, 27 Aug 2024 09:02:09 -0500 Subject: [PATCH 4/5] feedback --- source/connect/tls.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/connect/tls.txt b/source/connect/tls.txt index 8f61d119..54eb4853 100644 --- a/source/connect/tls.txt +++ b/source/connect/tls.txt @@ -52,7 +52,7 @@ To learn how to configure your MongoDB deployment for TLS, see the Enable TLS ---------- -To enable TLS for the connection to your MongoDB instance, set the ``tls`` connection +To enable TLS for the connection to your MongoDB deployment, set the ``tls`` connection option to ``true``. You can do this in two ways: by using the ``uriOptions`` parameter of the ``MongoDB\Client`` constructor or through a parameter in your connection string. From b4c8686459ab2d042f403a7ad25f870f5730b032 Mon Sep 17 00:00:00 2001 From: Mike Woofter <108414937+mongoKart@users.noreply.github.com> Date: Tue, 27 Aug 2024 10:45:14 -0500 Subject: [PATCH 5/5] feedback --- source/connect/tls.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/connect/tls.txt b/source/connect/tls.txt index 54eb4853..f5e6fe23 100644 --- a/source/connect/tls.txt +++ b/source/connect/tls.txt 
@@ -74,7 +74,8 @@ Specify a CA File During the TLS handshake, the MongoDB deployment presents a certificate key file to your application to establish its identity. Usually, a deployment's certificate has been -signed by a well-known CA, and your application relies on this CA to validate the certificate. +signed by a well-known CA (certificate authority), and your application relies on this CA +to validate the certificate. During testing, however, you might want to act as your own CA. In this case, you must instruct the {+driver-short+} to
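Review bot: In snooty.toml (PATCH 1/5) the added constant is "mdb-servewr", a misspelled duplicate of the existing "mdb-server", and no "driver-short" constant is defined even though tls.txt in the same commit uses {+driver-short+} throughout, so that substitution has no definition at this commit. PATCH 2/5 replaces the line with driver-short = "PHP library"; squash that fix into the first commit so each commit in the series stands on its own. The blank line that PATCH 2/5 adds directly under [constants] looks unintentional as well.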
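Review bot: In source/connect/tls.txt (PATCH 1/5), the "Present a Client Certificate" section names the option "tleCertificateKeyFile", a typo for "tlsCertificateKeyFile", which is the spelling used in client-cert-tabs.rst and key-file-password.rst; a reader copying the name from the prose gets an option that the included examples do not use. Three wording points in the same hunk: under "Specify a CA File" the deployment is said to present "a certificate key file", but what the server presents during the handshake is its certificate; under "Certificate Revocation List" the phrase "you can use the instruct the {+driver-short+}" should read "you can instruct the {+driver-short+}"; and the closing warning says the insecure options leave the application open to "foreign processes posing as valid client instances", whereas the options described in that section relax the driver's checks on the certificate the server presents, so the risk to name is a process posing as the MongoDB deployment. None of these is corrected in the later patches shown.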
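Review bot: The "Connection String" tab in source/includes/connect/tls-tabs.rst (PATCH 1/5) builds the client with "$client = MongoDB\Client($uri);", without "new", while the MongoDB\Client tab beside it uses "new MongoDB\Client($uri, $options)". Without "new", PHP reads the line as a call to a function named MongoDB\Client rather than as a constructor call, so the sample does not run as written. Change it to "$client = new MongoDB\Client($uri);" here and in the Connection String tab of ca-file-tabs.rst, client-cert-tabs.rst, crl-tabs.rst, disable-cert-validation-tabs.rst, disable-host-verification-tabs.rst, insecure-tls-tabs.rst, key-file-password.rst and ocsp-tabs.rst, which repeat the same line; PATCH 2/5 touches these files but changes only the tab title.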
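Review bot: source/includes/connect/crl-tabs.rst (PATCH 1/5) is not referenced anywhere in tls.txt: the "Certificate Revocation List" section pulls in crl-file.php through literalinclude and tells the reader to set crl_file in driverOptions, while this include shows a tlsCRLFile URI option that the page never mentions. Either add an include for it together with text that explains tlsCRLFile, or drop the file so the series does not ship an unused example that disagrees with the prose.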
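Review bot: The source/connect/tls.txt hunk in PATCH 2/5 changes the link text in the API Documentation list from "MongoDB\\Client" to "MongoDB\Client", while the same commit changes every tab title the other way, from "MongoDB\Client" to "MongoDB\\Client". In reStructuredText a single backslash outside a literal is an escape character, so the unescaped form in the :ref: text is likely to render without the backslash; keep "MongoDB\\Client" here, as the tab titles and the MongoDBClient.txt page title do, and confirm in a rendered build.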