
Difficulty when connect using TLS/SSL and verify client certificate #4900

Closed
CallMeLaNN opened this issue Jan 16, 2017 · 2 comments
Labels: docs (This issue is due to a mistake or omission in the mongoosejs.com documentation)
Milestone: 4.7.8

Comments

CallMeLaNN commented Jan 16, 2017

NodeJs: 6.9.1
Mongoose version: 4.4.19
MongoDb NodeJs driver version: 2.1.19
A quick check inside connection.js in the master branch shows that mine seems similar to the latest one.

I had difficulty configuring Mongoose to connect using TLS/SSL and verify the server and client certificates, but I then managed to figure it out. So something can be improved, or at least this page may help others configure the same options.

  1. The documentation for options.auth in Connections is not enough. Maybe I am wrong, but I can't find an example like this.
    My problem was that I was unable to explicitly define authMechanism. Following the MongoDB Node.js native driver, authMechanism is simply ignored by Mongoose.
    The Connections documentation just describes the options for authentication, while the source code points to the options for authentication (see http://mongodb.github.com/node-mongodb-native/api-generated/db.html#authenticate). This URI would be good to include in the documentation, since I had no idea how to construct options.auth without checking the source code.
    Apparently options.auth.authMechanism is the way to go.

  2. Simply following the MongoDB Node.js native driver URI pattern does not work.

    • authMechanism in the query string is ignored. Maybe Mongoose can add this?
    • user in the URL mongodb://user:password@server:27017/db is not possible in this case.
      • The user, coming from the x.509 certificate subject compatible with RFC 2253, should be encoded because it contains commas.
        If I leave it as is, it throws "MongoError: no valid seed servers in list" because of the commas, but if I encode it, it stays encoded until the MongoDB server complains "There is no x.509 client certificate matching the user", because the encoded user does not match the un-encoded one.
      • Muri should decode the user. Mongoose internally uses Muri to parse the user, but Muri does not decode it.
      • While fixing this might introduce breaking changes (we don't know whether it would double-decode), it is good to note that the user and password in the URI do not support special characters, and also not to specify the user in the URL when using a client certificate.

Finally it only works this way:

var conn = mongoose.createConnection("mongodb://server:27017/db", {
    // subject of the client certificate in RFC 2253 form (leaf first, comma separated)
    user: "CN=nodejs-api.server.com,OU=IT,O=Org,L=City,ST=State,C=MY",
    auth: { authMechanism: "MONGODB-X509" },
    server: {
        ssl: true,
        sslValidate: true,   // verify the server certificate against sslCA
        sslCA: ...,
        sslCert: ...,
        sslKey: ...,
        sslPass: ...
    }
});
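
The following is an added example written for this issue; it is not code from the issue author, from Mongoose or from the native driver. It shows the three pieces the comment above works out by hand: deriving the MONGODB-X509 user from the certificate subject in RFC 2253 order, why that user cannot go into a URI unencoded and must be decoded again by whatever parses the URI, and the options object in the shape the snippet above settled on. Assumptions: the subject attributes are supplied in certificate order as one "type=value" per line (the form crypto.X509Certificate#subject prints on Node 15.6+; an older Node can use the output of openssl instead), the option names are those of the 2.x native driver used here, and the subject, hostnames and PEM placeholders are constructed sample input.

```javascript
// Added example for this issue (not Mongoose or driver code). Builds the
// MONGODB-X509 user from a certificate subject, shows the URI encode/decode
// round trip, and returns the connection options from the snippet above.

// RFC 2253 section 2.4: escape characters that have structural meaning in a DN.
function escapeRfc2253Value(value) {
  let out = value.replace(/([,+"\\<>;])/g, "\\$1");
  if (out.startsWith(" ") || out.startsWith("#")) out = "\\" + out;
  if (out.endsWith(" ")) out = out.slice(0, -1) + "\\ ";
  return out;
}

// Certificates store the subject root first (C, ST, ..., CN); RFC 2253 lists
// the leaf first, so the RDNs are reversed and joined with commas. Single
// valued RDNs only; multi-valued RDNs ("+") are not handled here.
function rdnsToRfc2253(rdns) {
  return rdns
    .slice()
    .reverse()
    .map(([type, value]) => `${type}=${escapeRfc2253Value(value)}`)
    .join(",");
}

// Input assumed as "type=value" lines in certificate order (what
// crypto.X509Certificate#subject returns on Node 15.6+).
function subjectLinesToRfc2253(subjectLines) {
  const rdns = subjectLines.split("\n").filter(Boolean).map((line) => {
    const i = line.indexOf("=");
    if (i < 1) throw new Error(`malformed RDN: ${JSON.stringify(line)}`);
    return [line.slice(0, i), line.slice(i + 1)];
  });
  return rdnsToRfc2253(rdns);
}

// The commas in the DN read as host-list separators in a connection string
// (the "no valid seed servers in list" error), so the userinfo must be
// percent-encoded when it is put into a URI at all.
function buildX509Uri(user, host, port, db) {
  return `mongodb://${encodeURIComponent(user)}@${host}:${port}/${db}?authMechanism=MONGODB-X509`;
}

// Whatever parses the URI must decode the userinfo again, or the server is
// asked for "CN%3D..." and reports no matching certificate. Node's WHATWG URL
// returns username still percent-encoded, so the decode is explicit.
function parseMongoUri(uri) {
  const u = new URL(uri);
  return {
    user: decodeURIComponent(u.username),
    host: u.hostname,
    port: u.port,
    db: u.pathname.replace(/^\//, ""),
    authMechanism: u.searchParams.get("authMechanism"),
  };
}

// Options in the shape the issue ends up with (2.x driver option names).
// ca/cert/key are PEM strings or Buffers, e.g. from fs.readFileSync.
function buildX509ConnectionOptions({ user, ca, cert, key, passphrase }) {
  if (typeof user !== "string" || !user.includes("=")) {
    throw new Error("user must be the certificate subject in RFC 2253 form");
  }
  const server = {
    ssl: true,
    sslValidate: true, // verify the server certificate against sslCA
    sslCA: [ca],       // assumption: driver 2.x takes an array of CA certs
    sslCert: cert,
    sslKey: key,
  };
  if (passphrase !== undefined) server.sslPass = passphrase;
  return { user, auth: { authMechanism: "MONGODB-X509" }, server };
}

// Constructed sample subject matching the one in the issue; not a real cert.
const SAMPLE_SUBJECT = "C=MY\nST=State\nL=City\nO=Org\nOU=IT\nCN=nodejs-api.server.com";
const X509_USER = subjectLinesToRfc2253(SAMPLE_SUBJECT);
const SAMPLE_URI = buildX509Uri(X509_USER, "server", 27017, "db");

console.log("x509 user:", X509_USER);
console.log("uri form: ", SAMPLE_URI);
console.log("decoded:  ", parseMongoUri(SAMPLE_URI).user);
```

To check the derived user against the real certificate, compare it with the output of openssl x509 -in client.pem -noout -subject -nameopt RFC2253, which prints the subject in the same leaf-first, comma-separated form MongoDB matches against. The object returned by buildX509ConnectionOptions is what goes in as the second argument of mongoose.createConnection in the snippet above, with the CA, certificate and key read from disk; keeping the user in the options object rather than in the URI avoids depending on the URI parser decoding it.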

sobafuchs (Contributor) commented Jan 16, 2017

Regarding 1, we could probably include an example of using options.auth in the docs.

For 2, aheckmann/muri#9 resolves this, no?

And I would probably agree that the docs should list the special characters in the URI string, even though that's more of a mongo thing than a Mongoose issue. That's a simple docs change, though.

sobafuchs added the docs label Jan 16, 2017
sobafuchs added this to the 4.7.8 milestone Jan 16, 2017

vkarpov15 (Collaborator) commented

Upgraded to the latest muri in this commit: 596572e. Will be released in 4.7.8.
