Hi,
I am trying to utilise the client_encryption.create_data_key functionality via kmip but cannot get past the following error:
pymongo.errors.EncryptionError: [(‘SSL routines’, ‘ssl3_read_bytes’, ‘sslv3 alert bad certificate’)]
python 3.7.10
pymongo: 4.0.1
Code:
import os
import base64
from pathlib import Path
from secrets import token_bytes
from bson import json_util
from bson.binary import STANDARD
from bson.codec_options import CodecOptions
from pymongo import MongoClient
from pymongo.encryption import ClientEncryption
from pymongo.encryption_options import AutoEncryptionOpts
kms_providers = {"kmip": {"endpoint": "x.x.x.x:5696"}}
ktoptions={'kmip':{'tls':True,'tlsCAFile':'/etc/pki/ca-trust/source/anchors/ca.pem','tlsCertificateKeyFile':'/etc/pki/ca-trust/source/anchors/client.pem'}}
csfle_opts = AutoEncryptionOpts(
kms_providers=kms_providers, key_vault_namespace="csfle_demo2.__keystore", kms_tls_options=ktoptions
)
replicaSet=myRS"
os.environ["MDB_URL"] = "mongodb+srv://x:x@xxx.mongodb.net"
with MongoClient(os.environ["MDB_URL"], auto_encryption_opts=csfle_opts) as client:
print("Resetting demo database & keystore ...")
client.drop_database("csfle_demo")
client_encryption = ClientEncryption(
kms_providers,
"csfle_demo2.__keystore",
client,
CodecOptions(uuid_representation=STANDARD),
)
print("Creating key in MongoDB ...")
key_id = client_encryption.create_data_key("kmip", master_key={"keyId":'gregTest'},key_alt_names=["example"])
print(key_id)
I have confirmed the validity of my certs via:
openssl s_client -connect x.x.x.x:5696 -CAfile /etc/pki/ca-trust/source/anchors/ca.pem -cert /etc/pki/ca-trust/source/anchors/client.pem which results with no errors
Any help would be much appreciated
Cheers
Greg