mirror
/
mongo
mirror of https://github.com/mongodb/mongo
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

test attempt

This commit is contained in:
Amalia Hawkins 2014-09-22 13:58:40 -04:00
parent 8954a165aa
commit 01c372ddd6
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
jstests/libs/badSAN.pem Normal file
View File

@ -0,0 +1,48 @@
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIDCUCQMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl
cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx
FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD
VQQGEwJVUzAeFw0xNDA5MjIxODM4MzVaFw0zNDA5MjIxODM4MzVaMG8xEjAQBgNV
BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC
MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG
A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHs1qYlXX
elrnS0TpkN7hiLaCVgaxV7Bshlb4gQdD5xuLD4zzPvmh7dTY6QCTtA4QbOXqTJtI
UygmCI//G8v+eDiboxjdn7WSb1d8NBIVlvPZpVNg2FDV8sg2qwrg2hAJJXppJqGJ
FSEoBwdJEbbEicSL4f3FgggzrfWDtr/DaU9L0PmkFqQNMsqDlsqrjqNQP1D+6Qxq
4sQxMoibTnrL0mRyebYtkjz2LAcrFw+5VbBgzIcgmCsZ2TR6ylodXsUmL67k5sHh
OeXYjIUHqAcMSM8wy7I2DYsZXYjHrLijnOFzUuxHsWYtG0U48i9Jww1PA5/ov0yH
g7KYA/EAjjfBAgMBAAGjFTATMBEGA1UdEQQKMAiCBmJhZFNBTjANBgkqhkiG9w0B
AQUFAAOCAQEAVcHNip94pNCEQAUlb3q48nCVUXlTbA3dsZ2VQG42euyKaedyqoNv
UWENDAsR7RfYVAt7se+FSILM5Gn5MY3Y3jsOGyXDx8vg48YoNR6E3PeMt5tU5mX1
/2dm+KKRq6Mw8PSykounZlM58IuT7g0JIqeY740t3Ka+b2rXYgpWV8nLLgNeHDKG
e8XNVtuLR1FmgdYm25oZOqAkJO9S0bV8T8BZy2+/cmjkeVeHxFcUMkfPKjUle1eX
KW+DOY+2b+KUUsLS5ZfrDIk0jq/dJGN3OjXE/oxeYzceSNf4wH/9Rs3+haZep2Ff
rLM2uySPtRUfNUSaU0oFUQit6eAoRobhFg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAkx7NamJV13pa50tE6ZDe4Yi2glYGsVewbIZW+IEHQ+cbiw+M
8z75oe3U2OkAk7QOEGzl6kybSFMoJgiP/xvL/ng4m6MY3Z+1km9XfDQSFZbz2aVT
YNhQ1fLINqsK4NoQCSV6aSahiRUhKAcHSRG2xInEi+H9xYIIM631g7a/w2lPS9D5
pBakDTLKg5bKq46jUD9Q/ukMauLEMTKIm056y9Jkcnm2LZI89iwHKxcPuVWwYMyH
IJgrGdk0espaHV7FJi+u5ObB4Tnl2IyFB6gHDEjPMMuyNg2LGV2Ix6y4o5zhc1Ls
R7FmLRtFOPIvScMNTwOf6L9Mh4OymAPxAI43wQIDAQABAoIBACVB9rmLX7vrI5xR
pokUBC3PppDJYnaFA4voVZwnaQScQZBtBsAPYb7NcUrhbyD4x1sHiQ5WCjk9vfwr
zPPJQVcXcRaRLlnp+Vy1T82HjlDjYqvqv3vWLFqSWnvlwyKAdvEqCZ8Zhm0l6biu
Vvz9PHD3hsv6Fn9vV85mrreFj3jYD0F5TtmI9nExqSCPz0rCwRIXTasE1eqA/7d3
pdDJkm6No3DHZVgpASiStBuWnShygloU0Xcho+79wUHyyOHU170mQarD8cuCkK2x
0R10XkWPXfSkwOYRheHuw5om2RB9gP+k6mW6nfFwg6kNvC2Ltm6xmJrZ5nROIq64
raWDABUCgYEAyE/bou7FL3/wWixWEqQjuOO784G32Ms/Bwzkpkdbwu0ZkcB8HbH8
zsB2gy2qr32jIYv+AFo+v6LU88zU1Mj3l1yM00SPBOdr+/BDihUw6YL9gp34rSqn
2THChK+XZlipT0ntbjT6HJLr8HZeI+OxZ4Yp0NN2XFaaHrHYjmgxhZcCgYEAvAVP
89b+IfOJohy3yFrNN+8rCG76ffbdxxlNC/uTSJyA7MGWV6Ey2Qfik01Lqh2QLgyM
VOSQcBkSKWSlWNYE5pago749yRub92Jkm8It4lqMUhxaeBU/OiBrWJsnTZVF8g2q
IXhVCeX5REscEcPCRgnhRQ7cTIjC2NlE4ElJSGcCgYEAteGlCa2KSBYANLB7OxPl
B7Vo7LMFLwllYk53su+qRzUoeWpwiDob1dN2CKhHim8m14gYi1NmFHWSrQh42/ja
r4ouqIpg3lAPgcRoXxHcxrrU22v656mKnLEM8ZPKgfjRSxhSSTY7QAS7zSx9UFMn
u1tbzqyjlTZhXKuZebzr8mMCgYBi0fP0t+G33HVRNADQGBFWPakDdLjJLc/gjga1
rpL5jfAg/5pSElJUSVWnj++dyI339fZnw/26PSMTiGdzKoFG5JInnZyBr7Yorpks
WEGff3HS0j4mcRxbI6Dn4BwnJbaugsoRb1paqnl5kHR/TcE06Ipyrl3RB+xI5uDR
dRNELwKBgEAJIrpepoldKU46ci29f/55O4QrjCjrrBHc3GZ3KeUvBa8VIoy1S5Uk
+sYHeQpRBgEOa5c5ILe3zJKh4MES9FQJKtP0ObIMCe9zWj363hJ07FZMLQEoltmj
9gn3ZGKCVTlIZPo6tZLgI3UxPiiH933oVjjRIXq4J+k3N2Z2dTLj
-----END RSA PRIVATE KEY-----

13
jstests/ssl/ssl_hostname_validation.js
View File

@ -5,6 +5,7 @@ var SERVER_CERT = "jstests/libs/server.pem";
var CN_CERT = "jstests/libs/localhostnameCN.pem";
var SAN_CERT = "jstests/libs/localhostnameSAN.pem";
var CLIENT_CERT = "jstests/libs/client.pem"
var BAD_SAN_CERT = "jstests/libs/badSAN.pem";
// We want to be able to control all SSL parameters
// but still need an SSL shell hence the test is placed
@ -65,7 +66,6 @@ testCombination(SERVER_CERT, false, true, true);
testCombination(SERVER_CERT, true, false, true);
testCombination(SERVER_CERT, true, true, true);
// 2. Initiate ReplSetTest with invalid certs
ssl_options = {sslMode : "requireSSL",
// SERVER_CERT has SAN=localhost. CLIENT_CERT is exact same except no SANS
@ -99,3 +99,14 @@ var replTest = new ReplSetTest({nodes : {node0 : ssl_options, node1 : ssl_option
replTest.startSet();
replTest.initiate();
replTest.stopSet();
// 5. Initiate ReplSetTest with a cert that has an invalid
// SAN (badSAN) but a correct CN (localhost).
ssl_options = {sslMode : "requireSSL",
sslPEMKeyFile: BAD_SAN_CERT,
sslCAFile: CA_CERT};
replTest = new ReplSetTest({nodes : {node0 : ssl_options, node1 : ssl_options}});
replTest.startSet();
assert.throws( function() { replTest.initiate() } );
replTest.stopSet();