@@ -132,271 +132,6 @@ The following code shows how to connect to a replica set deployment:
132132To learn more about connecting to a replica set, see :ref:`php-connection-replica-set`
133133in the Connection Targets guide.
134134
135- Transport Layer Security (TLS)
136- ------------------------------
137-
138- Enable TLS
139- ~~~~~~~~~~
140-
141- The following code shows how to enable TLS for the connection to your
142- MongoDB instance:
143-
144- .. tabs::
145-
146- .. tab:: MongoDB\\Client
147- :tabid: Client
148-
149- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
150- :language: php
151- :dedent:
152- :start-after: start-enable-tls-client
153- :end-before: end-enable-tls-client
154-
155- .. tab:: Connection URI
156- :tabid: connectionstring
157-
158- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
159- :language: php
160- :dedent:
161- :start-after: start-enable-tls-uri
162- :end-before: end-enable-tls-uri
163-
164- To learn more about enabling TLS, see :ref:`php-enable-tls` in
165- the TLS Configuration guide.
166-
167- Specify a Certificate Authority (CA) File
168- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
169-
170- The following code shows how to specify the path to your CA file
171- for the connection to your MongoDB instance:
172-
173- .. tabs::
174-
175- .. tab:: MongoDB\\Client
176- :tabid: Client
177-
178- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
179- :language: php
180- :dedent:
181- :start-after: start-ca-file-client
182- :end-before: end-ca-file-client
183-
184- .. tab:: Connection URI
185- :tabid: connectionstring
186-
187- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
188- :language: php
189- :dedent:
190- :start-after: start-ca-file-uri
191- :end-before: end-ca-file-uri
192-
193- To learn more about specifying a CA file, see :ref:`php-specify-ca-file` in
194- the TLS Configuration guide.
195-
196- Disable OCSP Checks
197- ~~~~~~~~~~~~~~~~~~~
198-
199- The following code shows how to prevent the driver from contacting
200- the OCSP endpoint:
201-
202- .. tabs::
203-
204- .. tab:: MongoDB\\Client
205- :tabid: Client
206-
207- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
208- :language: php
209- :dedent:
210- :start-after: start-disable-ocsp-client
211- :end-before: end-disable-ocsp-client
212-
213- .. tab:: Connection URI
214- :tabid: connectionstring
215-
216- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
217- :language: php
218- :dedent:
219- :start-after: start-disable-ocsp-uri
220- :end-before: end-disable-ocsp-uri
221-
222- To learn more about disabling OCSP checks, see :ref:`php-disable-ocsp` in
223- the TLS Configuration guide.
224-
225- Specify a Certificate Revocation List (CRL)
226- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
227-
228- The following code shows how to instruct the driver to verify the server's
229- certificate against a CRL:
230-
231- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
232- :language: php
233- :dedent:
234- :start-after: start-crl
235- :end-before: end-crl
236-
237- To learn more about specifying a CRL, see :ref:`php-crl` in the TLS
238- configuration guide.
239-
240- Present a Client Certificate
241- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
242-
243- The following code shows how to specify the client certificate that
244- the driver presents to your MongoDB deployment:
245-
246- .. tabs::
247-
248- .. tab:: MongoDB\\Client
249- :tabid: Client
250-
251- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
252- :language: php
253- :dedent:
254- :start-after: start-client-cert-client
255- :end-before: end-client-cert-client
256-
257- .. tab:: Connection URI
258- :tabid: connectionstring
259-
260- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
261- :language: php
262- :dedent:
263- :start-after: start-client-cert-uri
264- :end-before: end-client-cert-uri
265-
266- To learn more about specifying a client certificate, see :ref:`php-client-cert` in
267- the TLS Configuration guide.
268-
269- Provide a Certificate Key File Password
270- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
271-
272- The following code shows how to specify the password for your
273- client certificate:
274-
275- .. tabs::
276-
277- .. tab:: MongoDB\\Client
278- :tabid: Client
279-
280- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
281- :language: php
282- :dedent:
283- :start-after: start-key-file-client
284- :end-before: end-key-file-client
285-
286- .. tab:: Connection URI
287- :tabid: connectionstring
288-
289- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
290- :language: php
291- :dedent:
292- :start-after: start-key-file-uri
293- :end-before: end-key-file-uri
294-
295- .. important::
296-
297- When replacing the ``<password>`` placeholder in the connection URI, ensure
298- that you :wikipedia:`percent-encode <Percent-encoding>` the value.
299-
300- To learn more about providing a key file password, see :ref:`php-key-file-password` in
301- the TLS Configuration guide.
302-
303- Allow Insecure TLS
304- ~~~~~~~~~~~~~~~~~~
305-
306- The following code shows how to relax TLS constraints, which has the same
307- effect as disabling both :ref:`certificate validation <php-connect-disable-cert>`
308- and :ref:`hostname verification <php-connect-disable-hostname>`:
309-
310- .. tabs::
311-
312- .. tab:: MongoDB\\Client
313- :tabid: Client
314-
315- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
316- :language: php
317- :dedent:
318- :start-after: start-insecure-tls-client
319- :end-before: end-insecure-tls-client
320-
321- .. tab:: Connection URI
322- :tabid: connectionstring
323-
324- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
325- :language: php
326- :dedent:
327- :start-after: start-insecure-tls-uri
328- :end-before: end-insecure-tls-uri
329-
330- To learn more about allowing insecure TLS, see :ref:`php-insecure-tls` in
331- the TLS Configuration guide.
332-
333- .. warning::
334-
335- Setting the ``tlsInsecure`` option to ``true`` might expose your application
336- to security risks. Enabling this option makes your application insecure and
337- potentially vulnerable to expired certificates and to foreign processes posing
338- as valid client instances.
339-
340- .. _php-connect-disable-cert:
341-
342- Disable Certificate Validation
343- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
344-
345- The following code shows how to disable certificate validation:
346-
347- .. tabs::
348-
349- .. tab:: MongoDB\\Client
350- :tabid: Client
351-
352- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
353- :language: php
354- :dedent:
355- :start-after: start-disable-cert-client
356- :end-before: end-disable-cert-client
357-
358- .. tab:: Connection URI
359- :tabid: connectionstring
360-
361- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
362- :language: php
363- :dedent:
364- :start-after: start-disable-cert-uri
365- :end-before: end-disable-cert-uri
366-
367- To learn more about disabling certificate validation, see :ref:`php-insecure-tls` in
368- the TLS Configuration guide.
369-
370- .. _php-connect-disable-hostname:
371-
372- Disable Hostname Verification
373- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
374-
375- The following code shows how to disable hostname verification:
376-
377- .. tabs::
378-
379- .. tab:: MongoDB\\Client
380- :tabid: Client
381-
382- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
383- :language: php
384- :dedent:
385- :start-after: start-disable-hostname-client
386- :end-before: end-disable-hostname-client
387-
388- .. tab:: Connection URI
389- :tabid: connectionstring
390-
391- .. literalinclude:: /includes/usage-examples/connect-code-examples.php
392- :language: php
393- :dedent:
394- :start-after: start-disable-hostname-uri
395- :end-before: end-disable-hostname-uri
396-
397- To learn more about disabling hostname verification, see :ref:`php-insecure-tls` in
398- the TLS Configuration guide.
399-
400135{+stable-api+}
401136--------------
402137
0 commit comments