/** * Tests the startup-only setParameter value suppressNoTLSPeerCertificateWarning which suppresses * the log message "No SSL certificate provided by peer" when a client certificate is not provided. * This only works if weak validation is enabled. * * This test confirms that the log message is output when the setParameter is set to true, * and is not output when the setParameter is set to false. */ import {CA_CERT} from "jstests/ssl/libs/ssl_helpers.js"; function test(suppress) { const opts = { tlsMode: "requireTLS", tlsCertificateKeyFile: "jstests/libs/server.pem", tlsCAFile: "jstests/libs/ca.pem", waitForConnect: false, tlsAllowConnectionsWithoutCertificates: "", setParameter: {suppressNoTLSPeerCertificateWarning: suppress}, }; clearRawMongoProgramOutput(); const mongod = MongoRunner.runMongod(opts); assert.soon(function () { return ( runMongoProgram( "mongo", "--tls", "--tlsAllowInvalidHostnames", "--tlsCAFile", CA_CERT, "--port", mongod.port, "--eval", "quit()", ) === 0 ); }, "mongo did not initialize properly"); // Keep checking the log file until client metadata is logged since the SSL warning is // logged before it. assert.soon( () => { const log = rawMongoProgramOutput(".*"); return log.search("client metadata") !== -1; }, "logfile should contain 'client metadata'.\n" + "Log File Contents\n==============================\n" + rawMongoProgramOutput(".*") + "\n==============================\n", ); // Now check for the message const log = rawMongoProgramOutput(".*"); assert.eq(suppress, log.match(/[N,n]o SSL certificate provided by peer/) === null); try { MongoRunner.stopMongod(mongod); } catch (e) { // Depending on timing, exitCode might be 0, 1, or -9. // All that matters is that it dies, resmoke will tell us if that failed. // So just let it go, the exit code never bothered us anyway. } } test(true); test(false);