Yes, I agree that these are real use cases for a small number of users. You can build the C Driver from source, disabling SSL and crypto libraries, following these instructions:
http://mongoc.org/libmongoc/current/installing.html#building-on-unix On Mon, Sep 10, 2018 at 3:35 AM Dmitriy Gerasimov <[email protected]> wrote: > > Thank you for your reply, Jesse. Yes you're right 99% of users don't > need special build of libmongoc without TLS. > > Unfortunatelly we are from this 1%. Lof of goverment organizations and > some big corporations uses its own cryptography and/or encryption protocols. > > We develop our own C framework with Post-Quantum encryption and no-TLS > protocols. https://github.com/kelvinblockchain/libdap > > Its opensource but also there are some private projects based on same > code, like fast and secure VPN server. It uses mongo as backend database > and we connect to the Mongo only via > https://github.com/kelvinblockchain/libdap-stream and > https://github.com/kelvinblockchain/libdap-stream-ch-vpn things. They > encrypt the connection so we're interested may be ever in no-network > builds because we could forward unix sockets as well. > > So there are use cases for such requirements. Also intersting would be > to have no-network variant of MongoDB server that works only through > local sockets. > > > On 08.09.2018 19:13, A. Jesse Jiryu Davis wrote: > > Hi Dmitriy, libmongoc uses libssl and libcrypto for a variety of > > purposes, not just for TLS-encrypted network connections. It uses > > libcrypto for authentication with a password-protected MongoDB server, > > and to generate the tokens used in transactions. Besides, > > TLS-encrypted network connections are now extremely common: Atlas and > > other cloud providers require TLS, and any time you connect to a > > MongoDB server outside your internal secure network you must use TLS. > > > > For these reasons we thought it simple and worthwhile to always > > require libssl and libcrypto. Most users will be happy that the > > default installation of libmongoc has all the capabilities they need. > > > > You're right, the libmongoc-ssl-1.0 pkg-config file is the same as the > > libmongoc-1.0 pkg-config file. We'd like to remove libmongoc-ssl-1.0, > > but that's a backward-breaking change so we won't do it until version > > 2.0: see https://jira.mongodb.org/browse/CDRIVER-2086 > > > > On Sat, Sep 8, 2018 at 3:15 AM Dmitriy Gerasimov > > <[email protected]> wrote: > >> Package: libmongoc-dev > >> Version: 1.4.2-1+b1 (possible other versions too) > >> > >> Ever I don't want to use the SSL I need to install libssl-dev to build > >> packages that uses pkg-config to be builded with libmongoc-dev. > >> If we look at the output of `pkg-config' we see no difference between > >> `libmongoc-1.0' and `libmongoc-ssl-1.0' profiles. > >> > >> $ pkg-config --libs libmongoc-1.0 > >> -lmongoc-1.0 -lssl -lcrypto -lrt -lbson-1.0 > >> > >> $ pkg-config --libs libmongoc-ssl-1.0 > >> -lmongoc-1.0 -lssl -lcrypto -lrt -lbson-1.0 > >> > >> > >> I suggest to remove -lssl and -lcrypto from `libmongoc-1.0' profile > >> > >> I am using Debian GNU/Linux 9.5, kernel 4.9.110-3+deb9u4 and libc6 > >> 2.24-11+deb9u3 >

