Yes, I agree that these are real use cases for a small number of
users. You can build the C Driver from source, disabling SSL and
crypto libraries, following these instructions:

http://mongoc.org/libmongoc/current/installing.html#building-on-unix
On Mon, Sep 10, 2018 at 3:35 AM Dmitriy Gerasimov
<[email protected]> wrote:
>
> Thank you for your reply, Jesse. Yes you're right 99% of users don't
> need special build of libmongoc without TLS.
>
> Unfortunatelly we are from this 1%. Lof of goverment organizations and
> some big corporations uses its own cryptography and/or encryption protocols.
>
> We develop our own C framework with Post-Quantum encryption and no-TLS
> protocols. https://github.com/kelvinblockchain/libdap
>
> Its opensource but also there are some private projects based on same
> code, like fast and secure VPN server. It uses mongo as backend database
> and we connect to the Mongo only via
> https://github.com/kelvinblockchain/libdap-stream and
> https://github.com/kelvinblockchain/libdap-stream-ch-vpn things. They
> encrypt the connection so we're interested may be ever in no-network
> builds because we could forward unix sockets as well.
>
> So there are use cases for such requirements. Also intersting would be
> to have no-network variant of MongoDB server that works only through
> local sockets.
>
>
> On 08.09.2018 19:13, A. Jesse Jiryu Davis wrote:
> > Hi Dmitriy, libmongoc uses libssl and libcrypto for a variety of
> > purposes, not just for TLS-encrypted network connections. It uses
> > libcrypto for authentication with a password-protected MongoDB server,
> > and to generate the tokens used in transactions. Besides,
> > TLS-encrypted network connections are now extremely common: Atlas and
> > other cloud providers require TLS, and any time you connect to a
> > MongoDB server outside your internal secure network you must use TLS.
> >
> > For these reasons we thought it simple and worthwhile to always
> > require libssl and libcrypto. Most users will be happy that the
> > default installation of libmongoc has all the capabilities they need.
> >
> > You're right, the libmongoc-ssl-1.0 pkg-config file is the same as the
> > libmongoc-1.0 pkg-config file. We'd like to remove libmongoc-ssl-1.0,
> > but that's a backward-breaking change so we won't do it until version
> > 2.0: see https://jira.mongodb.org/browse/CDRIVER-2086
> >
> > On Sat, Sep 8, 2018 at 3:15 AM Dmitriy Gerasimov
> > <[email protected]> wrote:
> >> Package: libmongoc-dev
> >> Version: 1.4.2-1+b1  (possible other versions too)
> >>
> >> Ever I don't want to use the SSL I need to install libssl-dev to build 
> >> packages that uses pkg-config to be builded with libmongoc-dev.
> >> If we look at the output of `pkg-config' we see no difference between 
> >> `libmongoc-1.0' and `libmongoc-ssl-1.0' profiles.
> >>
> >> $ pkg-config --libs libmongoc-1.0
> >> -lmongoc-1.0 -lssl -lcrypto -lrt -lbson-1.0
> >>
> >> $ pkg-config --libs libmongoc-ssl-1.0
> >> -lmongoc-1.0 -lssl -lcrypto -lrt -lbson-1.0
> >>
> >>
> >> I suggest to remove -lssl and -lcrypto from `libmongoc-1.0' profile
> >>
> >> I am using Debian GNU/Linux 9.5, kernel 4.9.110-3+deb9u4 and libc6 
> >> 2.24-11+deb9u3
>

Reply via email to