ENAMETOOLONG sslCA breaking change

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

There appears to be an undocumented breaking change from Mongoose 5 to 6.

Since upgrading to Mongoose 6, when setting up an SSL connection to the db, we have started getting an ENAMETOOLONG error:

Error: ENAMETOOLONG: name too long, open '-----BEGIN CERTIFICATE-----
--
<--redacted--certificate-->
-----END CERTIFICATE-----'
at Object.openSync (fs.js:462:3)
at Object.readFileSync (fs.js:364:35)
at transform (/opt/<redacted-project-name>/node_modules/mongodb/lib/connection_string.js:806:23)
at setOption (/opt/<redacted-project-name>/node_modules/mongodb/lib/connection_string.js:394:36)
at Object.parseOptions (/opt/<redacted-project-name>/node_modules/mongodb/lib/connection_string.js:287:9)
at new MongoClient (/opt/<redacted-project-name>/node_modules/mongodb/lib/mongo_client.js:62:46)
at /opt/<redacted-project-name>/node_modules/mongoose/lib/connection.js:785:16
at new Promise (<anonymous>)
at NativeConnection.Connection.openUri (/opt/<redacted-project-name>/node_modules/mongoose/lib/connection.js:782:19)
at /opt/<redacted-project-name>/node_modules/mongoose/lib/index.js:330:10
at /opt/<redacted-project-name>/node_modules/mongoose/lib/helpers/promiseOrCallback.js:32:5
at new Promise (<anonymous>)
at promiseOrCallback (/opt/<redacted-project-name>/node_modules/mongoose/lib/helpers/promiseOrCallback.js:31:10)
at Mongoose._promiseOrCallback (/opt/<redacted-project-name>/node_modules/mongoose/lib/index.js:1151:10)
at Mongoose.connect (/opt/<redacted-project-name>/node_modules/mongoose/lib/index.js:329:20)
at Server.databaseConnection (/opt/<redacted-project-name>/server.js:103:20)
at Server.databaseConnectAWS (/opt/<redacted-project-name>/server.js:95:16)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async Server.runAwsInstance (/opt/<redacted-project-name>/server.js:43:5)
at async Server.run (/opt/<redacted-project-name>/server.js:21:9) {
errno: -36,
syscall: 'open',
code: 'ENAMETOOLONG',
path: '<redacted-certificate-content',
level: 'error',

Our options are as follows:

const options = {
      autoIndex: true,
      ssl: true,
      sslCA,,
      sslValidate: true,
      sslKey,
      sslCert,
};

await mongoose.connect(url, options);

Where sslCA, sslKey and sslCert are the string values of the relevant certificates and keys.

The error message is implying that the code under the hood is trying to read a file with the name of the supplied value, which isn’t how things previously worked in version 5.

Indeed, on the Mongoose documentation itself says to supply the contents of the file:

https://mongoosejs.com/docs/tutorials/ssl.html#ssl-validation

await mongoose.connect('mongodb://localhost:27017/test', {
  ssl: true,
  sslValidate: true,
  // For example, see https://medium.com/@rajanmaharjan/secure-your-mongodb-connections-ssl-tls-92e2addb3c89
  // for where the `rootCA.pem` file comes from
  sslCA: require('fs').readFileSync(`${__dirname}/rootCA.pem`)
});

We have currently worked around the issue by writing the contents of those values to a file and passing the file path, which is working.

It does seem like a bug however as I can’t find any mention of this in the release notes and the documentation example will no longer work.

There was a bug raised here which seemed to also hit the issue:

https://github.com/Automattic/mongoose/issues/10488

It was closed but there was no explanation as to when this behaviour changed, whether it was intentional and why the documentation didn’t match the implementation.

What is the expected behavior?

For the options object to accept ssl details as strings, as they did prior to version 6.

What are the versions of Node.js, Mongoose and MongoDB you are using? Note that “latest” is not a version.

Node: 12.22.6 Mongoose: 6.0.5 MongoDB: 4.0.10