Thank you for your reply, Jesse. Yes you're right 99% of users don't need special build of libmongoc without TLS.

Unfortunatelly we are from this 1%. Lof of goverment organizations and some big corporations uses its own cryptography and/or encryption protocols.

We develop our own C framework with Post-Quantum encryption and no-TLS protocols. https://github.com/kelvinblockchain/libdap

Its opensource but also there are some private projects based on same code, like fast and secure VPN server. It uses mongo as backend database and we connect to the Mongo only via https://github.com/kelvinblockchain/libdap-stream and https://github.com/kelvinblockchain/libdap-stream-ch-vpn things. They encrypt the connection so we're interested may be ever in no-network builds because we could forward unix sockets as well.

So there are use cases for such requirements. Also intersting would be to have no-network variant of MongoDB server that works only through local sockets.


On 08.09.2018 19:13, A. Jesse Jiryu Davis wrote:
Hi Dmitriy, libmongoc uses libssl and libcrypto for a variety of
purposes, not just for TLS-encrypted network connections. It uses
libcrypto for authentication with a password-protected MongoDB server,
and to generate the tokens used in transactions. Besides,
TLS-encrypted network connections are now extremely common: Atlas and
other cloud providers require TLS, and any time you connect to a
MongoDB server outside your internal secure network you must use TLS.

For these reasons we thought it simple and worthwhile to always
require libssl and libcrypto. Most users will be happy that the
default installation of libmongoc has all the capabilities they need.

You're right, the libmongoc-ssl-1.0 pkg-config file is the same as the
libmongoc-1.0 pkg-config file. We'd like to remove libmongoc-ssl-1.0,
but that's a backward-breaking change so we won't do it until version
2.0: see https://jira.mongodb.org/browse/CDRIVER-2086

On Sat, Sep 8, 2018 at 3:15 AM Dmitriy Gerasimov
<[email protected]> wrote:
Package: libmongoc-dev
Version: 1.4.2-1+b1  (possible other versions too)

Ever I don't want to use the SSL I need to install libssl-dev to build packages 
that uses pkg-config to be builded with libmongoc-dev.
If we look at the output of `pkg-config' we see no difference between 
`libmongoc-1.0' and `libmongoc-ssl-1.0' profiles.

$ pkg-config --libs libmongoc-1.0
-lmongoc-1.0 -lssl -lcrypto -lrt -lbson-1.0

$ pkg-config --libs libmongoc-ssl-1.0
-lmongoc-1.0 -lssl -lcrypto -lrt -lbson-1.0


I suggest to remove -lssl and -lcrypto from `libmongoc-1.0' profile

I am using Debian GNU/Linux 9.5, kernel 4.9.110-3+deb9u4 and libc6 
2.24-11+deb9u3

Reply via email to