mongo/jstests/ssl/ssl_client_certificate_warning_suppression.js

/**
 * Tests the startup-only setParameter value suppressNoTLSPeerCertificateWarning which suppresses
 * the log message "No SSL certificate provided by peer" when a client certificate is not provided.
 * This only works if weak validation is enabled.
 *
 * This test confirms that the log message is output when the setParameter is set to true,
 * and is not output when the setParameter is set to false.
 */

import {CA_CERT} from "jstests/ssl/libs/ssl_helpers.js";

function test(suppress) {
    const opts = {
        tlsMode: 'requireTLS',
        tlsCertificateKeyFile: "jstests/libs/server.pem",
        tlsCAFile: "jstests/libs/ca.pem",
        waitForConnect: false,
        tlsAllowConnectionsWithoutCertificates: "",
        setParameter: {suppressNoTLSPeerCertificateWarning: suppress}
    };
    clearRawMongoProgramOutput();
    const mongod = MongoRunner.runMongod(opts);

    assert.soon(function() {
        return runMongoProgram('mongo',
                               '--tls',
                               '--tlsAllowInvalidHostnames',
                               '--tlsCAFile',
                               CA_CERT,
                               '--port',
                               mongod.port,
                               '--eval',
                               'quit()') === 0;
    }, "mongo did not initialize properly");

    // Keep checking the log file until client metadata is logged since the SSL warning is
    // logged before it.
    assert.soon(
        () => {
            const log = rawMongoProgramOutput(".*");
            return log.search('client metadata') !== -1;
        },
        "logfile should contain 'client metadata'.\n" +
            "Log File Contents\n==============================\n" + rawMongoProgramOutput(".*") +
            "\n==============================\n");

    // Now check for the message
    const log = rawMongoProgramOutput(".*");
    assert.eq(suppress, log.match(/[N,n]o SSL certificate provided by peer/) === null);

    try {
        MongoRunner.stopMongod(mongod);
    } catch (e) {
        // Depending on timing, exitCode might be 0, 1, or -9.
        // All that matters is that it dies, resmoke will tell us if that failed.
        // So just let it go, the exit code never bothered us anyway.
    }
}

test(true);
test(false);