mirror
/
mongo
mirror of https://github.com/mongodb/mongo
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mongo/jstests/ssl/x509_startup_warning.js

64 lines
2.1 KiB
JavaScript
Raw Permalink Blame History

// Test for startuo warning when X509 auth and sslAllowInvalidCertificates are enabled
// @tags: [live_record_incompatible]
(function() {
'use strict';
function runTest(checkMongos, opts, expectWarningCertifcates, expectWarningHostnames) {
clearRawMongoProgramOutput();
let mongo;
if (checkMongos) {
mongo = MongoRunner.runMongos(Object.assign({
configdb: "fakeRS/localhost:27017",
waitForConnect: false,
},
opts));
} else {
mongo = MongoRunner.runMongod(Object.assign({
auth: '',
sslMode: 'preferSSL',
sslPEMKeyFile: 'jstests/libs/server.pem',
sslCAFile: 'jstests/libs/ca.pem',
waitForConnect: false,
},
opts));
}
assert.soon(function() {
const output = rawMongoProgramOutput();
return (
expectWarningCertifcates ==
output.includes(
'While invalid X509 certificates may be used to connect to this server, they will not be considered permissible for authentication') &&
expectWarningHostnames ==
output.includes(
'This server will not perform X.509 hostname validation. This may allow your server to make or accept connections to untrusted parties'));
});
stopMongoProgramByPid(mongo.pid);
}
function runTests(checkMongos) {
// Don't expect a warning for certificates and hostnames when we're not using both options
// together.
runTest(checkMongos, {}, false, false);
// Do expect a warning for certificates when we're combining options.
runTest(checkMongos, {sslAllowInvalidCertificates: ''}, true, false);
// Do expect a warning for hostnames.
runTest(checkMongos, {sslAllowInvalidHostnames: ''}, false, true);
// Do expect a warning for certificates and hostnames.
runTest(
checkMongos, {sslAllowInvalidCertificates: '', sslAllowInvalidHostnames: ''}, true, true);
}
// Run tests on mongos
runTests(true);
// Run tests on mongod
runTests(false);
})();
Reference in New Issue View Git Blame Copy Permalink