Import tools: 27c04a6448462549a61aa1403ad3a09dde2ec9b5 from branch v3.6

ref: a7ddcd8fc3..27c04a6448
for: 3.6.21

TOOLS-2590    [v3.6] sslAllowInvalidHostnames bypass ssl/tls server certification validation entirely

12 files changed, 495 insertions, 77 deletions

diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml
index 3f06088718f..d1f4e245381 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml
@@ -207,7 +207,10 @@ mongo_tools_variables:
       mongod_args: ""
       mongod_port: 33333
     ssl: &mongod_ssl_startup_args
-      mongod_args: "--sslMode requireSSL --sslCAFile common/db/openssl/testdata/ca.pem --sslPEMKeyFile common/db/openssl/testdata/server.pem"
+      mongod_args: "--sslMode requireSSL --sslCAFile common/db/openssl/testdata/ca-ia.pem --sslPEMKeyFile common/db/openssl/testdata/test-server.pem --bind_ip localhost"
+      mongod_port: 33333
+    ssl: &mongod_ssl_startup_args_windows
+      mongod_args: "--sslMode requireSSL --sslCAFile common/db/openssl/testdata/ia-ca.pem --sslPEMKeyFile common/db/openssl/testdata/test-server.pem --bind_ip localhost"
       mongod_port: 33333
     # Set storage engine as mmapv1 for 32 bit variants because WiredTiger requires 64 bit support.
     win32: &mongod_win32_startup_args
@@ -219,7 +222,7 @@ mongo_tools_variables:
       mongo_args: &mongo_default_startup_args_string "--port 33333"
       mongod_port: 33333
     ssl: &mongo_ssl_startup_args
-      mongo_args: "--port 33333 --ssl --sslCAFile ./common/db/openssl/testdata/ca.pem --sslPEMKeyFile ./common/db/openssl/testdata/server.pem --sslAllowInvalidCertificates"
+      mongo_args: "--port 33333 --ssl --sslCAFile ./common/db/openssl/testdata/ca-ia.pem --sslPEMKeyFile ./common/db/openssl/testdata/test-client.pem --sslAllowInvalidCertificates"
       mongod_port: 33333
 
 functions:
@@ -1612,7 +1615,7 @@ buildvariants:
   run_on:
   - debian71-test
   expansions:
-    gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go'
+    gorootvars: 'PATH="/opt/go1.11/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.11/go'
     build_tags: "sasl ssl"
   tasks:
   - name: dist
@@ -1832,7 +1835,7 @@ buildvariants:
   run_on:
   - windows-64-vs2013-compile
   expansions:
-    <<: *mongod_ssl_startup_args
+    <<: *mongod_ssl_startup_args_windows
     <<: *mongo_ssl_startup_args
     mongo_os: "windows-64"
     mongo_target: "windows_x86_64-2008plus-ssl"
@@ -1947,7 +1950,7 @@ buildvariants:
   stepback: false
   batchtime: 10080 # weekly
   expansions:
-    gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc'
+    gorootvars: 'PATH="/opt/go1.11/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.11/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc'
     build_tags: "sasl ssl"
   tasks:
   - name: dist
@@ -1982,7 +1985,7 @@ buildvariants:
   stepback: false
   batchtime: 10080 # weekly
   expansions:
-    gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc'
+    gorootvars: 'PATH="/opt/go1.11/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.11/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc'
     build_tags: "sasl ssl"
   tasks:
   - name: dist
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca-ia.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca-ia.pem
new file mode 100644
index 00000000000..9bfd078c172
--- /dev/null
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca-ia.pem
@@ -0,0 +1,77 @@
+-----BEGIN CERTIFICATE-----
+MIIGuTCCBKGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5h
+bWUxHzAdBgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRl
+c3RDZXJ0aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcN
+MjAwNTE0MjIwNDA4WhcNMjIwNTE0MjIwNDA4WjCBmjELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5hbWUx
+HzAdBgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRlc3RD
+ZXJ0aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvai9QUGngMN2KStKblKKL2wbmeje0
+ciFDqgKE1NeYnVXSb+2Gfh0GsfMlPAHLnrJJavxP+hlEtE7xAUzMXRpG+1UlF/9F
+GoOVXbiD4kcJStnpAem1Rekdnno/BjHnXHi6ICcSzHIj79hZP1duwtBVpbsZL4ex
+NxGJUbQI/HXP4Ii/a6PgVmr214I0Gvzv5vuqqyUzrTqXia5MPjs74Dx6vlxec1RP
+KTweLCOQDv3qyYaTmp9zTflOUXQ5PZYCudhasegZBz/M3dZ/DKEHdmLbgZIEeMO/
+Q0aNeS2nv/6vrM/eNlxC9Pojl4ilJX+O91JfcrKBQHbsArc0YTeFI2MVtFVr9ZMc
+1tDskKOciT4eBkyQ5Fxj6PXqY6drFGTU34v3agbMQ2MuOoEzuU0sa29aIHxU4f1J
+mIHzBx2jQBMhNQoyV8/f/ww85hRI409vFTpKsksQUCphfoAzZkDgE1K1HTmm9EoE
+ALpHYXed/9HqIhhPDvi5rM+YbO+oA8RMWIBfYYigXBbggpkRXJzj1Rszpog9LWvV
+REZZt7/zMKFUVdA6ZX1xPq+YD2LI0GJQPKKFOFZlU8l4hgm28mXNu4cRWALFfQ2p
+oyzqCXDrL8mg6PQMm31SeJYJVoHBxmK3GHm9Xmx/ATJdGzLKOWasA9AQ0ZB4N2EO
+SEyiFmYiR3JfpQIDAQABo4IBBjCCAQIwHQYDVR0OBBYEFA1nxNTcT9PtIMze0tTW
+om9ezkwiMA8GA1UdEwEB/wQFMAMBAf8wgc8GA1UdIwSBxzCBxIAUS5yyG3e0ez1O
+UUuyICi2AEQan7ChgaCkgZ0wgZoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEk
+MCIGA1UEBwwbVGVzdENlcnRpZmljYXRlTG9jYWxpdHlOYW1lMR8wHQYDVQQKDBZU
+ZXN0Q2VydGlmaWNhdGVPcmdOYW1lMSMwIQYDVQQLDBpUZXN0Q2VydGlmaWNhdGVP
+cmdVbml0TmFtZTESMBAGA1UEAwwJbG9jYWxob3N0ggkAmupop0NK8BQwDQYJKoZI
+hvcNAQELBQADggIBALncufwQDoui6iUBMFwP7VM87EHmkYLfnKG2Jdmcb8zKZ2G/
+umS1glYpPtyFISzo3TZH2kY1x0pwFjuS9zjt+Y7OgmT0Ktqg8Z4iLD7Qf3bPe/2t
+P1gbPyiLQsVoa1StaYYZ9pn/AO4Cm/LenwdtpQLDrR8GIS4GEpYLjSRMor83QlbV
+rb7zJoUf13Ycu996rAoXyeDQ7CFiT9eHh9/7YewKW3c6eaWwSeJcMfOBqZSZiD0h
+e95s2MeMcFhBQtWNnGWdja/PqP/7EgQ2h4ts1mmiPfchvBN06xOHivq43C0J/M7P
+VsGJ2GoHZjRhaZ73J4Uq2sQqqQot+aJeKSFjrxEEajd1NAbRTF3HBturErOS2XT0
+WGMT2mzRvU7ATQyDtp3sDkrJfEhGIyOIqosnqvlgaA3aEHF83FRbtaUi1TElURc5
+u8ter2eSQbjPRADpY/ox26Oca//DeSm3eEa6zTWTYxD2MPE5EPHtoljVxpDipxkv
+XDOwXi2sR6oQMdz11W2jYibVOY4thFsm+FtfIa5jg7ycG9ASuvAupkU5auKU8W+Z
+iDDJI3gHyiD3AKvaoBHIpSTVVQlKryTbo2IIbeerrimxfPjy2mSBsec463KUjpoN
+50WdDp2BcCQqN+I0GEp4zcGLO4DqzOBaeWxy7jCQRVKfv8V2zKZ2X1w2u3Nk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGwTCCBKmgAwIBAgIJAJrqaKdDSvAUMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxv
+Y2FsaXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEG
+A1UECwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0yMDA1MTQyMjAzMzNaFw0yNTA1MTQyMjAzMzNaMIGaMQswCQYDVQQG
+EwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxvY2Fs
+aXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEGA1UE
+CwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2FsaG9z
+dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMwgKFmX/uEl/PeSeqzT
+HeEyoDr0F7u6sbkHFciH7Jfo/6X4eoCannF9HV6I1enHBy5tDl6+otaSYq+3bPNt
+QgHIFjXwGO+lPV6eVv14eA5LOl8Qx3oAQsZAf3Xqdtbr6M8BdkIvATcZMkhGrGNh
+X2IuRi2HlyRNlYv50kzI+MBvW0tBDx3XuSBeRcdTEqKr+TIuuV75tGekfto/YMfW
+nTbivL7t51B97nhc8aHMP/TfXwkNbEIvTuNAFZRhB23irfkV9X+MtawytZOLxL+r
+I0dQj3RE/ltZK04kNXT4MUt0QiWqOi+Y7ATOAyaP3ZN+IRtYCNE2R5o3a4HCGS0n
+i0Lm3KPZzHt/iYfyX8l/kG8msL6mhdnKL99skEZO3aFGfm80MGWfMxx0NcGx62/J
+APV9mrbusMk34BwNjjpVsb+Gx3Y7gGFxYvSj7HYyoldk0bH79noUEeAKKzMJFxS9
+MvX5/t+7tB9Ulbvz/nrd1sk/JuVIo8+HczmThrIYbci+sA89NxIHzDywkMEqj+gr
+8Qx5W0gWhT19MJiwdCqQQFl4OnBxqglKaFoAWIVIgKkYZvhAqd7cUWMMuvSL0yvD
+8+cdT/jomTLoYM439O7xDvMxbuyCh+CPzxPl6UkPCzsG/1SOgSJFxX8/CRWgQOTp
+iJ1a34+Z6sn/a1jGYOAwnHNrAgMBAAGjggEGMIIBAjAdBgNVHQ4EFgQUS5yyG3e0
+ez1OUUuyICi2AEQan7AwDwYDVR0TAQH/BAUwAwEB/zCBzwYDVR0jBIHHMIHEgBRL
+nLIbd7R7PU5RS7IgKLYARBqfsKGBoKSBnTCBmjELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5hbWUxHzAd
+BgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRlc3RDZXJ0
+aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3SCCQCa6minQ0rw
+FDANBgkqhkiG9w0BAQsFAAOCAgEANMKU0hTWibbZJ2YgMWZfxyXJL/RmsUYr30lC
+4FpzGQ1RZX8Gf4ewKvouyk+14z1x7wx5U78Gy0ahcP/Ek0Od2+hW6t36ImtJIk1Y
+bOP3il02as1TRwNeZ3P6XjKZ61MoW4QBg/ekJLZ84yIY6ZcJYGR9N47nM3Mqgt/Q
+myMa862VPraoiwXx52DTITNG8G4w0YKB/bwQuR8xfFZYzvEaFpc2XDFiY333jmLq
+iEAnMBFjVdgGVTbaGtdaiswnRwZEqJzxZbwNpjfeqL1/G2geMWO8BHXRbtRydizG
+iCmPqO+wUjbsazgydK9KXtpp/qwDsSPOuNE16W8nEv64rPNpGmATi7e3zdSHAtsz
+nq5ggZsVEy23Pc8HtLOaLruMCx/R0EVq/1vY7OVfT/fjCDNkUbp0cWfsFLbTGReg
+qucgU19sGElq+yOvD7yF/Cet5d+jFB7bavot2/rHrNywvDYo7Y46FnOnyeCogeD1
+ozyHl6tb7DepnRIh0lP6HJUdjr61tBgcQ0yZDInkde5bAvKLPwOsWCKI754We5Np
+p/Db5UB8tAU1dSnC1tsP4ktClzbAnZfN3iYZPVKbg+s868cl9ujutWg7EuHEDlWJ
+Sv/UL2kVgWJs3AbKy+qhQOiK7+Qm0xEVvhNXaCXGBH903etaX8yV9T2qHLLg57ph
+z51DrF0=
+-----END CERTIFICATE-----
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca.pem
index b1b6f2628da..ce5b8635fcb 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca.pem
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca.pem
@@ -1,34 +1,48 @@
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMbN8D5Au+xWdY+s
-GpUuSFSbHGzYfHmw0yajA9J8PiwDePRMl71OMMsByNsykjzXEr0BBOn4PNO6KW7K
-HdDicRavuC/iFucVpILUiJoLOUCPKb/EyAHUk0r2fdr3Ypd2ZXkD1EXmM9WTQnyW
-PEWqr1T7MmM9PhsD0r8ZbQVu8R49AgMBAAECgYBbC+mguQjXfektOUabV6zsgnUM
-LEElgiPRqAqSFTBr+9MjHwjHO84Ayvpv2MM8dcsxIAxeEr/Yv4NGJ+5rwajESir6
-/7UzqzhXmj6ylqTfbMRJCRsqnwvSfNwpsxtMSYieCxtdYqTLaJLAItBjuZPAYL8W
-9Tf/NMc4AjLLHx7PyQJBAOyOcIS/i23td6ZX+QtppXL1fF/JMiKooE9m/npAT5K/
-hQEaAatdLyQ669id181KY9F0JR1TEbzb0A1yo73soRsCQQDXJSG4ID8lfR9SXnEE
-y/RqYv0eKneER+V7e1Cy7bYHvJxZK0sWXYzIZhTl8PABh3PCoLdxjY0IM7UNWlwU
-dAuHAkAOUaTv9CQ9eDVY5VRW44M3TTLFHYmiXXCuvb5Dqibm7B7h7TASrmZPHB3w
-k8VfUNRv9kbU2pVlSCz0026j7XHnAkEAk/qZP8EGTe3K3mfRCsCSA57EhLwm6phd
-ElrWPcvc2WN0kqyBgAembqwwEZxwKE0XZTYQFw2KhKq0DFQrY3IR/wJAIAnLtabL
-aF819WI/VYlMmwb3GAO2w5KQilGhYl7tv1BghH+Qmg7HZEcIRmSwPKEQveT3YpCH
-nCu38jgPXhhqdg==
------END PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIIC3DCCAkWgAwIBAgIJAKwksc/otf2iMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD
-VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcMDU5ldyBZb3JrIENp
-dHkxHTAbBgNVBAoMFE1vbmdvREIgS2VybmVsIFRvb2xzMRkwFwYDVQQLDBBUb29s
-cyBUZXN0aW5nIENBMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTUwNjA1MTU1MTQ1
-WhcNMzUwNjA0MTU1MTQ1WjCBhjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZ
-b3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MR0wGwYDVQQKDBRNb25nb0RCIEtl
-cm5lbCBUb29sczEZMBcGA1UECwwQVG9vbHMgVGVzdGluZyBDQTESMBAGA1UEAwwJ
-bG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGzfA+QLvsVnWP
-rBqVLkhUmxxs2Hx5sNMmowPSfD4sA3j0TJe9TjDLAcjbMpI81xK9AQTp+DzTuilu
-yh3Q4nEWr7gv4hbnFaSC1IiaCzlAjym/xMgB1JNK9n3a92KXdmV5A9RF5jPVk0J8
-ljxFqq9U+zJjPT4bA9K/GW0FbvEePQIDAQABo1AwTjAdBgNVHQ4EFgQU+QOiCHTF
-8At8aMOBvHF6wWZpcZUwHwYDVR0jBBgwFoAU+QOiCHTF8At8aMOBvHF6wWZpcZUw
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQCbbIAjdV+M8RR3ZF1WMBYD
-8aMr55kgtnCWn4mTCDdombCYgtbaPq5sy8Hb/2wLQ9Zl4UuFL5wKWcx3kOLo3cw/
-boj8jnUDnwrsBd2nN7sYdjF+M7FLp6U1AxrE5ejijtg2KCl+p4b7jJgJBSFIQD45
-7CAJVjIrajY4LlJj3x+caQ==
+MIIDczCCAlugAwIBAgIBATANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjB0MRcwFQYDVQQD
+Ew5LZXJuZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25n
+b0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazEL
+MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCBxSXj
+qA5y2EMQkcmvLDNikE88Og3+spJ3ex60HWVPk8EeXN68jyfbKLYsoCcBE2rBAE/N
+shVBJa8irh0o/UTh1XNW4iGCsfMvYamXiHnaOjmGVKjfBoj6pzQH0uK0X5olm3Sa
+zZPkLLCR81yxsK6woJZMFTvrlEjxj/SmDZ9tVXW692bC4i6nGvOCSpgv9kms85xO
+Ed2xbuCLXFDXKafXZd5AK+iegkDs3ah7VXMEE8sbqGnlqC1nsy5bpCnb7aC+3af7
+SV2XEFlSQT5kwTmk9CvTDzM9O78SO8nNhEOFBLQEdGDGd3BShE8dCdh2JTy3zKsb
+WeE+mxy0mEwxNfGfAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
+BQADggEBAANwbvhM5K/Jcl6yzUSqAawvyAypT5aWBob7rt9KFq/aemjMN0gY2nsS
+8WTGd9jiXlxGc/TzrK6MOsJ904UAFE1L9uR//G1gIBa9dNbYoiii2Fc8b1xDVJEP
+b23rl/+GAT6UTSY+YgEjeA4Jk6H9zotO07lSw06rbCQam5SdA5UiMvuLHWCo3BHY
+8WzqLiW/uHlb4K5prF9yuTUBEIgkRvvvyOKXlRvm1Ed5UopT2hmwA86mffAfgJc2
+vSbm9/8Q00fYwO7mluB6mbEcnbquaqRLoB83k+WbwUAZ2yjWHXuXVMPwyaysazcp
+nOjaLwQJQgKejY62PiNcw7xC/nIxBeI=
 -----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAgcUl46gOcthDEJHJrywzYpBPPDoN/rKSd3setB1lT5PBHlze
+vI8n2yi2LKAnARNqwQBPzbIVQSWvIq4dKP1E4dVzVuIhgrHzL2Gpl4h52jo5hlSo
+3waI+qc0B9LitF+aJZt0ms2T5CywkfNcsbCusKCWTBU765RI8Y/0pg2fbVV1uvdm
+wuIupxrzgkqYL/ZJrPOcThHdsW7gi1xQ1ymn12XeQCvonoJA7N2oe1VzBBPLG6hp
+5agtZ7MuW6Qp2+2gvt2n+0ldlxBZUkE+ZME5pPQr0w8zPTu/EjvJzYRDhQS0BHRg
+xndwUoRPHQnYdiU8t8yrG1nhPpsctJhMMTXxnwIDAQABAoIBAD5iGOnM800wO2Uu
+wGbOd9FNEFoiinHDRHfdnw/1BavwmqjO+mBo7T8E3jarsrRosiwfyz1V+7O6uuuQ
+CgKXZlKuOuksgfGDPCWt7EolWHaZAOhbsGaujJD6ah/MuCD/yGmFxtNYOl05QpSX
+Cht9lSzhtf7TQl/og/xkOLbO27JB540ck/OCSOczXg9Z/O8AmIUyDn7AKb6G1Zhk
+2IN//HQoAvDUMZLWrzy+L7YGbA8pBR3yiPsYBH0rX2Oc9INpiGA+B9Nf1HDDsxeZ
+/o+5xLbRDDfIDtlYO0cekJ053W0zUQLrMEIn9991EpG2O/fPgs10NlKJtaFH8CmT
+ExgVA9ECgYEA+6AjtUdxZ0BL3Wk773nmhesNH5/5unWFaGgWpMEaEM7Ou7i6QApL
+KAbzOYItV3NNCbkcrejq7jsDGEmiwUOdXeQx6XN7/Gb2Byc/wezy5ALi0kcUwaur
+6s9+Ah+T4vcU2AjfuCWXIpe46KLEbwORmCRQGwkCBCwRhHGt5sGGxTkCgYEAhAaw
+voHI6Cb+4z3PNAKRnf2rExBYRyCz1KF16ksuwJyQSLzFleXRyRWFUEwLuVRL0+EZ
+JXhMbtrILrc23dJGEsB8kOCFehSH/IuL5eB0QfKpDFA+e6pimsbVeggx/rZhcERB
+WkcV3jN4O82gSL3EnIgvAT1/nwhmbmjvDhFJhZcCgYBaW4E3IbaZaz9S/O0m69Fa
+GbQWvS3CRV1oxqgK9cTUcE9Qnd9UC949O3GwHw0FMERjz3N7B/8FGW/dEuQ9Hniu
+NLmvqWbGlnqWywNcMihutJKbDCdp/Km5olUPkiNbB3sWsOkViXoiU/V0pK6BZvir
+d67EZpGwydpogyH9kVVCEQKBgGHXc3Q7SmCBRbOyQrQQk0m6i+V8328W1S5m2bPg
+M62aWXMOMn976ZRT1pBDSwz1Y5yJ3NDf7gTZLjEwpgCNrFCJRcc4HLL0NDL8V5js
+VjvpUU5GyYdsJdb+M4ZUPHi/QEaqzqPQumwJSLlJEdfWirZWVj9dDA8XcpGwQjjy
+psHRAoGBAJUTgeJYhjK7k5sgfh+PRqiRJP0msIH8FK7SenBGRUkelWrW6td2Riey
+EcOCMFkRWBeDgnZN5xDyWLBgrzpw9iHQQIUyyBaFknQcRUYKHkCx+k+fr0KHHCUb
+X2Kvf0rbeMucb4y/h7950HkBBq83AYKMAoI8Ql3cx7pKmyOLXRov
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ia-ca.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ia-ca.pem
new file mode 100644
index 00000000000..6075fac376a
--- /dev/null
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ia-ca.pem
@@ -0,0 +1,77 @@
+-----BEGIN CERTIFICATE-----
+MIIGwTCCBKmgAwIBAgIJAJrqaKdDSvAUMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxv
+Y2FsaXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEG
+A1UECwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0yMDA1MTQyMjAzMzNaFw0yNTA1MTQyMjAzMzNaMIGaMQswCQYDVQQG
+EwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxvY2Fs
+aXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEGA1UE
+CwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2FsaG9z
+dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMwgKFmX/uEl/PeSeqzT
+HeEyoDr0F7u6sbkHFciH7Jfo/6X4eoCannF9HV6I1enHBy5tDl6+otaSYq+3bPNt
+QgHIFjXwGO+lPV6eVv14eA5LOl8Qx3oAQsZAf3Xqdtbr6M8BdkIvATcZMkhGrGNh
+X2IuRi2HlyRNlYv50kzI+MBvW0tBDx3XuSBeRcdTEqKr+TIuuV75tGekfto/YMfW
+nTbivL7t51B97nhc8aHMP/TfXwkNbEIvTuNAFZRhB23irfkV9X+MtawytZOLxL+r
+I0dQj3RE/ltZK04kNXT4MUt0QiWqOi+Y7ATOAyaP3ZN+IRtYCNE2R5o3a4HCGS0n
+i0Lm3KPZzHt/iYfyX8l/kG8msL6mhdnKL99skEZO3aFGfm80MGWfMxx0NcGx62/J
+APV9mrbusMk34BwNjjpVsb+Gx3Y7gGFxYvSj7HYyoldk0bH79noUEeAKKzMJFxS9
+MvX5/t+7tB9Ulbvz/nrd1sk/JuVIo8+HczmThrIYbci+sA89NxIHzDywkMEqj+gr
+8Qx5W0gWhT19MJiwdCqQQFl4OnBxqglKaFoAWIVIgKkYZvhAqd7cUWMMuvSL0yvD
+8+cdT/jomTLoYM439O7xDvMxbuyCh+CPzxPl6UkPCzsG/1SOgSJFxX8/CRWgQOTp
+iJ1a34+Z6sn/a1jGYOAwnHNrAgMBAAGjggEGMIIBAjAdBgNVHQ4EFgQUS5yyG3e0
+ez1OUUuyICi2AEQan7AwDwYDVR0TAQH/BAUwAwEB/zCBzwYDVR0jBIHHMIHEgBRL
+nLIbd7R7PU5RS7IgKLYARBqfsKGBoKSBnTCBmjELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5hbWUxHzAd
+BgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRlc3RDZXJ0
+aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3SCCQCa6minQ0rw
+FDANBgkqhkiG9w0BAQsFAAOCAgEANMKU0hTWibbZJ2YgMWZfxyXJL/RmsUYr30lC
+4FpzGQ1RZX8Gf4ewKvouyk+14z1x7wx5U78Gy0ahcP/Ek0Od2+hW6t36ImtJIk1Y
+bOP3il02as1TRwNeZ3P6XjKZ61MoW4QBg/ekJLZ84yIY6ZcJYGR9N47nM3Mqgt/Q
+myMa862VPraoiwXx52DTITNG8G4w0YKB/bwQuR8xfFZYzvEaFpc2XDFiY333jmLq
+iEAnMBFjVdgGVTbaGtdaiswnRwZEqJzxZbwNpjfeqL1/G2geMWO8BHXRbtRydizG
+iCmPqO+wUjbsazgydK9KXtpp/qwDsSPOuNE16W8nEv64rPNpGmATi7e3zdSHAtsz
+nq5ggZsVEy23Pc8HtLOaLruMCx/R0EVq/1vY7OVfT/fjCDNkUbp0cWfsFLbTGReg
+qucgU19sGElq+yOvD7yF/Cet5d+jFB7bavot2/rHrNywvDYo7Y46FnOnyeCogeD1
+ozyHl6tb7DepnRIh0lP6HJUdjr61tBgcQ0yZDInkde5bAvKLPwOsWCKI754We5Np
+p/Db5UB8tAU1dSnC1tsP4ktClzbAnZfN3iYZPVKbg+s868cl9ujutWg7EuHEDlWJ
+Sv/UL2kVgWJs3AbKy+qhQOiK7+Qm0xEVvhNXaCXGBH903etaX8yV9T2qHLLg57ph
+z51DrF0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGuTCCBKGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5h
+bWUxHzAdBgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRl
+c3RDZXJ0aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcN
+MjAwNTE0MjIwNDA4WhcNMjIwNTE0MjIwNDA4WjCBmjELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5hbWUx
+HzAdBgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRlc3RD
+ZXJ0aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvai9QUGngMN2KStKblKKL2wbmeje0
+ciFDqgKE1NeYnVXSb+2Gfh0GsfMlPAHLnrJJavxP+hlEtE7xAUzMXRpG+1UlF/9F
+GoOVXbiD4kcJStnpAem1Rekdnno/BjHnXHi6ICcSzHIj79hZP1duwtBVpbsZL4ex
+NxGJUbQI/HXP4Ii/a6PgVmr214I0Gvzv5vuqqyUzrTqXia5MPjs74Dx6vlxec1RP
+KTweLCOQDv3qyYaTmp9zTflOUXQ5PZYCudhasegZBz/M3dZ/DKEHdmLbgZIEeMO/
+Q0aNeS2nv/6vrM/eNlxC9Pojl4ilJX+O91JfcrKBQHbsArc0YTeFI2MVtFVr9ZMc
+1tDskKOciT4eBkyQ5Fxj6PXqY6drFGTU34v3agbMQ2MuOoEzuU0sa29aIHxU4f1J
+mIHzBx2jQBMhNQoyV8/f/ww85hRI409vFTpKsksQUCphfoAzZkDgE1K1HTmm9EoE
+ALpHYXed/9HqIhhPDvi5rM+YbO+oA8RMWIBfYYigXBbggpkRXJzj1Rszpog9LWvV
+REZZt7/zMKFUVdA6ZX1xPq+YD2LI0GJQPKKFOFZlU8l4hgm28mXNu4cRWALFfQ2p
+oyzqCXDrL8mg6PQMm31SeJYJVoHBxmK3GHm9Xmx/ATJdGzLKOWasA9AQ0ZB4N2EO
+SEyiFmYiR3JfpQIDAQABo4IBBjCCAQIwHQYDVR0OBBYEFA1nxNTcT9PtIMze0tTW
+om9ezkwiMA8GA1UdEwEB/wQFMAMBAf8wgc8GA1UdIwSBxzCBxIAUS5yyG3e0ez1O
+UUuyICi2AEQan7ChgaCkgZ0wgZoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEk
+MCIGA1UEBwwbVGVzdENlcnRpZmljYXRlTG9jYWxpdHlOYW1lMR8wHQYDVQQKDBZU
+ZXN0Q2VydGlmaWNhdGVPcmdOYW1lMSMwIQYDVQQLDBpUZXN0Q2VydGlmaWNhdGVP
+cmdVbml0TmFtZTESMBAGA1UEAwwJbG9jYWxob3N0ggkAmupop0NK8BQwDQYJKoZI
+hvcNAQELBQADggIBALncufwQDoui6iUBMFwP7VM87EHmkYLfnKG2Jdmcb8zKZ2G/
+umS1glYpPtyFISzo3TZH2kY1x0pwFjuS9zjt+Y7OgmT0Ktqg8Z4iLD7Qf3bPe/2t
+P1gbPyiLQsVoa1StaYYZ9pn/AO4Cm/LenwdtpQLDrR8GIS4GEpYLjSRMor83QlbV
+rb7zJoUf13Ycu996rAoXyeDQ7CFiT9eHh9/7YewKW3c6eaWwSeJcMfOBqZSZiD0h
+e95s2MeMcFhBQtWNnGWdja/PqP/7EgQ2h4ts1mmiPfchvBN06xOHivq43C0J/M7P
+VsGJ2GoHZjRhaZ73J4Uq2sQqqQot+aJeKSFjrxEEajd1NAbRTF3HBturErOS2XT0
+WGMT2mzRvU7ATQyDtp3sDkrJfEhGIyOIqosnqvlgaA3aEHF83FRbtaUi1TElURc5
+u8ter2eSQbjPRADpY/ox26Oca//DeSm3eEa6zTWTYxD2MPE5EPHtoljVxpDipxkv
+XDOwXi2sR6oQMdz11W2jYibVOY4thFsm+FtfIa5jg7ycG9ASuvAupkU5auKU8W+Z
+iDDJI3gHyiD3AKvaoBHIpSTVVQlKryTbo2IIbeerrimxfPjy2mSBsec463KUjpoN
+50WdDp2BcCQqN+I0GEp4zcGLO4DqzOBaeWxy7jCQRVKfv8V2zKZ2X1w2u3Nk
+-----END CERTIFICATE-----
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/server.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/server.pem
index d2aaa930ff5..5c56ff42b0f 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/server.pem
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/server.pem
@@ -1,32 +1,48 @@
------BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALOkdwU9Qx4FRn+z
-coBkeYYpVRg0pknPMDo4Q50TqZPfVhroTynx2Or+cjl5csd5hMKxWQpdzGq8JzH9
-2BCLcDz/51vG3tPrpLIB50ABqa0wRGGDOO+XN0h+VkdqJvKReWOsNRoMT3s0Lh78
-BqvRUomYXnbc1RBaxwWa+UoLCFgnAgMBAAECgYBd9XmjLeW6//tds5gB+4tsVpYB
-cRhAprOM3/zNXYlmpHu+2x78y1gvoSJRWWplVvPPeT8fIuxWL0844JJwJN5wyCwN
-nnrA28l6+Tcde+NlzCxwED+QDjAH20BRxCs0BLvnx3WAXRDmUbWAjOl/qPn9H6m1
-nmUQ7H/f6dxZ0vVMQQJBAOl3xeVLyZZ828P/p3PvYkaeIxxVK1QDGOWi/3vC0DrY
-WK8xAoopjj0RHHZ1fL5bG31G3OR9Vc/rfk4a5XPIlRECQQDE+teCTiwV5Wwzdpg3
-r440qOLCmpMXwJr/Jlh+C4c8ebnIQ9P5sSe4wQNHyeEZ2t7SGvPfjr7glpPhAkXy
-JTm3AkEAvNPgvVoUy6Bk5xuJRl2hMNiKMUo5ZxOyOVkiJeklHdMJt3h+Q1zk7ENA
-sBbKM/PgQezkj/FHTIl9eJKMbp8W4QJBAL4aXHyslw12wisUrKkpa7PUviwT5BvL
-TYsrZcIXvCeYTr1BAMX8vBopZNIWuoEqY1sgmfZKnFrB1+wTNpAQbxcCQQCHbtvQ
-1U2p5Pz5XYyaoK2OEZhPMuLnOBMpzjSxRLxKyhb4k+ssIA0IeAiT4RIECtHJ8DJX
-4aZK/qg9WmBH+zbO
------END PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIICbzCCAdgCAQEwDQYJKoZIhvcNAQEFBQAwgYYxCzAJBgNVBAYTAlVTMREwDwYD
-VQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEdMBsGA1UECgwU
-TW9uZ29EQiBLZXJuZWwgVG9vbHMxGTAXBgNVBAsMEFRvb2xzIFRlc3RpbmcgQ0Ex
-EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNTA2MDUxNTUxNDVaFw0zNTA2MDQxNTUx
-NDVaMHkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwN
-TmV3IFlvcmsgQ2l0eTEUMBIGA1UECgwLTW9uZ29EQiBJbmMxFTATBgNVBAsMDEtl
-cm5lbCBUb29sczESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCzpHcFPUMeBUZ/s3KAZHmGKVUYNKZJzzA6OEOdE6mT31Ya6E8p
-8djq/nI5eXLHeYTCsVkKXcxqvCcx/dgQi3A8/+dbxt7T66SyAedAAamtMERhgzjv
-lzdIflZHaibykXljrDUaDE97NC4e/Aar0VKJmF523NUQWscFmvlKCwhYJwIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBACJiTnC3nksZsmMyD88+DuV8IA1DHSby4X/qtDYT
-eSuNbxRKnihXkm2KE+MGn7YeKg4a7FaYiH3ejk0ZBlY3TZXK3I1uh/zIhC9aMnSL
-z0z4OLcqp46F8PpYF7ARtXXWQuOEWe6k+VKy5XP1NX60sEJ0KwGBQjUw3Ys41JE8
-iigw
+MIIDfjCCAmagAwIBAgIBBzANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
+ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
+FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
+BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjBsMQ8wDQYDVQQD
+EwZzZXJ2ZXIxDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMHTW9uZ29EQjEWMBQG
+A1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsxCzAJBgNVBAYT
+AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp76KJeDczBqjSPJj
+5f8DHdtrWpQDK9AWNDlslWpi6+pL8hMqwbX0D7hC2r3kAgccMyFoNIudPqIXfXVd
+1LOh6vyY+jveRvqjKW/UZVzZeiL4Gy4bhke6R8JRC3O5aMKIAbaiQUAI1Nd8LxIt
+LGvH+ia/DFza1whgB8ym/uzVQB6igOifJ1qHWJbTtIhDKaW8gvjOhv5R3jzjfLEb
+R9r5Q0ZyE0lrO27kTkqgBnHKPmu54GSzU/r0HM3B+Sc/6UN+xNhNbuR+LZ+EvJHm
+r4de8jhW8wivmjTIvte33jlLibQ5nYIHrlpDLEwlzvDGaIio+OfWcgs2WuPk98MU
+tht0IQIDAQABoyMwITAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTAN
+BgkqhkiG9w0BAQUFAAOCAQEANoYxvVFsIol09BQA0fwryAye/Z4dYItvKhmwB9VS
+t99DsmJcyx0P5meB3Ed8SnwkD0NGCm5TkUY/YLacPP9uJ4SkbPkNZ1fRISyShCCn
+SGgQUJWHbCbcIEj+vssFb91c5RFJbvnenDkQokRvD2VJWspwioeLzuwtARUoMH3Y
+qg0k0Mn7Bx1bW1Y6xQJHeVlnZtzxfeueoFO55ZRkZ0ceAD/q7q1ohTXi0vMydYgu
+1CB6VkDuibGlv56NdjbttPJm2iQoPaez8tZGpBo76N/Z1ydan0ow2pVjDXVOR84Y
+2HSZgbHOGBiycNw2W3vfw7uK0OmiPRTFpJCmewDjYwZ/6w==
 -----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAp76KJeDczBqjSPJj5f8DHdtrWpQDK9AWNDlslWpi6+pL8hMq
+wbX0D7hC2r3kAgccMyFoNIudPqIXfXVd1LOh6vyY+jveRvqjKW/UZVzZeiL4Gy4b
+hke6R8JRC3O5aMKIAbaiQUAI1Nd8LxItLGvH+ia/DFza1whgB8ym/uzVQB6igOif
+J1qHWJbTtIhDKaW8gvjOhv5R3jzjfLEbR9r5Q0ZyE0lrO27kTkqgBnHKPmu54GSz
+U/r0HM3B+Sc/6UN+xNhNbuR+LZ+EvJHmr4de8jhW8wivmjTIvte33jlLibQ5nYIH
+rlpDLEwlzvDGaIio+OfWcgs2WuPk98MUtht0IQIDAQABAoIBACgi1ilECXCouwMc
+RDzm7Jb7Rk+Q9MVJ79YlG08Q+oRaNjvAzE03PSN5wj1WjDTUALJXPvi7oy82V4qE
+R6Q6Kvbv46aUJpYzKFEk2dw7ACpSLa1LNfjGNtMusnecA/QF/8bxLReRu8s5mBQn
+NDnZvCqllLbfjNlAvsF+/UIn5sqFZpAZPMtPwkTAeh5ge8H9JvrG8y8aXsiFGAhV
+Z7tMZyn8wPCUrRi14NLvVB4hxM66G/tuTp8r9AmeTU+PV+qbCnKXd+v0IS52hvX9
+z75OPfAc66nm4bbPCapb6Yx7WaewPXXU0HDxeaT0BeQ/YfoNa5OT+ZOX1KndSfHa
+VhtmEsECgYEA3m86yYMsNOo+dkhqctNVRw2N+8gTO28GmWxNV9AC+fy1epW9+FNR
+yTQXpBkRrR7qrd5mF7WBc7vAIiSfVs021RMofzn5B1x7jzkH34VZtlviNdE3TZhx
+lPinqo0Yy3UEksgsCBJFIofuCmeTLk4ZtqoiZnXr35RYibaZoQdUT4kCgYEAwQ6Y
+xsKFYFks1+HYl29kR0qUkXFlVbKOhQIlj/dPm0JjZ0xYkUxmzoXD68HrOWgz7hc2
+hZaQTgWf+8cRaZNfh7oL+Iglczc2UXuwuUYguYssD/G6/ZPY15PhItgCghaU5Ewy
+hMwIJ81NENY2EQTgk/Z1KZitXdVJfHl/IPMQgdkCgYASdqkqkPjaa5dDuj8byO8L
+NtTSUYlHJbAmjBbfcyTMG230/vkF4+SmDuznci1FcYuJYyyWSzqzoKISM3gGfIJQ
+rYZvCSDiu4qGGPXOWANaX8YnMXalukGzW/CO96dXPB9lD7iX8uxKMX5Q3sgYz+LS
+hszUNHWf2XB//ehCtZkKAQKBgQCxL2luepeZHx82H9T+38BkYgHLHw0HQzLkxlyd
+LjlE4QCEjSB4cmukvkZbuYXfEVEgAvQKVW6p/SWhGkpT4Gt8EXftKV9dyF21GVXQ
+JZnhUOcm1xBsrWYGLXYi2agrpvgONBTlprERfq5tdnz2z8giZL+RZswu45Nnh8bz
+AcKzuQKBgQCGOQvKvNL5XKKmws/KRkfJbXgsyRT2ubO6pVL9jGQG5wntkeIRaEpT
+oxFtWMdPx3b3cxtgSP2ojllEiISk87SFIN1zEhHZy/JpTF0GlU1qg3VIaA78M1p2
+ZdpUsuqJzYmc3dDbQMepIaqdW4xMoTtZFyenUJyoezz6eWy/NlZ/XQ==
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-client.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-client.pem
new file mode 100644
index 00000000000..c868b0e5e86
--- /dev/null
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-client.pem
@@ -0,0 +1,88 @@
+-----BEGIN CERTIFICATE-----
+MIIGYTCCBEmgAwIBAgIJAL+8WDUncZFZMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxv
+Y2FsaXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEG
+A1UECwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0yMDA1MTQyMjU2MzRaFw0yMTA1MTQyMjU2MzRaMIGMMQswCQYDVQQG
+EwJVUzELMAkGA1UECAwCTlkxJjAkBgNVBAcMHVRlc3RDbGllbnRDZXJ0aWZpY2F0
+ZUxvY2FsaXR5MSEwHwYDVQQKDBhUZXN0Q2xpZW50Q2VydGlmaWNhdGVPcmcxJTAj
+BgNVBAsMHFRlc3RDbGllbnRDZXJ0aWZpY2F0ZU9yZ1VuaXQwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDCxxLZEQlJ8WKABPr7d74ra/Mqh6dPwk0Zos5A
+r3JIlq6/OJ91k0GjgewQn8N/Jhr3BYhlscXhuB1C0gI7agbi58fU8TMOvcqsDM3G
+T9XehOedls5HMBmxkz6l6KXcCRHamhQv09nyBw3VOkoby/AoMdwCZgJIAOGfw8Lp
+dAO71X5llzDPKVQtpA8NQF7uZq6Qv72Papf5OgxN5LwOH1IXW2Yd+Y/j4p0Z7j+x
+31zJ/1Don31CQZK2b7qDojh3X0DH5HO883fw8Q1j9PQc7pPJ4OoXK170cycwln/o
+fsKQsGlaXzJcz0F3XO3xlpgA6ScfJ4F/92kB34IlutFbxacNjoLa1QeolwNYcoO2
+cdL/4XHpgQgwblOcBnSkJoakYeVBwRVaRUxmG8b9bBzLXtOy078naFED6Q6LzP7+
+cT9ZSPdOxk728JMpjIsEFAi5Fpv/nVuGx9/+xIOF1w/Q+Y/nvvThEGc7X08WtLeJ
+tKFTE7OWX+UVeuR4g8UEYEdAGQzstBaDjVtLGky57QY7HZaNbWYUPu6As6HYKazK
+xBXDFs2Cpg8zIroTwjBh7+F56bq06xGZnXX/iXUULKwgwOaAN9cAd5dLX+PFPO9z
+R2Mt5UWYtUL4295JGabDPqI0nDWmv8Omtbat4cHHajAePUn28jy5+32zbt2Bqe/T
+R9/tdQIDAQABo4G1MIGyMB0GA1UdDgQWBBQMaRN+ZH/PO1MrfSYYsOoSRXuR7jAJ
+BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDBXBglghkgBhvhCAQ0EShZIT3BlblNT
+TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgZm9yIFRFU1RJTkcgb25seS4gIE5PVCBG
+T1IgUFJPRFVDVElPTiBVU0UuMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjANBgkqhkiG9w0BAQsFAAOCAgEAgCSb//bj5EOp6v8mvmn688e34DHRevkrBfUt
+SrVyO7vsuZvb0xa8nAKnvpH6h85n5S6VDBKznQndYOPYX1w7QeJK6ZHJYNv9wRs3
+9bO7hT9LiRIas+DwEAheW9KRC2U1xtHNlr5UnkbWqfK0n4u/b1oJKA2wz0wl+B/k
+tbZgEYaa8RIMc0uOel4hzaYUygXKNL8JXoDGzXKqcUO/a7tCW55CQQW8o5NT8sTX
+wwGyNl3vjxxjL3DDJd8HdE3pqnh3Q8sYihipF6K6KGfAj6N4ZH1lZfwP+n7C5vHf
+w5XXhrJ0il+psjSbnGWtZx5GOC1axx1xUxfOMGY//iiwnzSqXfghBX2eMHix1RuB
+4vmLDI6l/t2LfI84Xm+BYrOed6jkb2pfGsK9WK8jzeEX6zkZSDBeHU7ztD7/Jc3p
+Ggl9vRji4Gdqf1rXfiy6P3ke8rVFEoWT73Ocqa+pPhVUhVt4VPnG7dxw3hIA+WOX
+GUOkdG5BLBByhixgTv/dK6B5ka+Y4qfFHRB+DvlMnmDRu+q3fhpAsG2ED6xapLOa
+eDRJYVtFPlgtGzT+b38tnbWHDzk7OCjJdRGF9x+gBZuLsxfhJ4wKcFrbwie+aypj
+5QrzX7X9PG36YCcQPxvzHDwH1OGJaqcd/ZUwHxCapPGamC2jSM5ATzhgTNTFDxVh
+On1Mo4o=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAwscS2REJSfFigAT6+3e+K2vzKoenT8JNGaLOQK9ySJauvzif
+dZNBo4HsEJ/DfyYa9wWIZbHF4bgdQtICO2oG4ufH1PEzDr3KrAzNxk/V3oTnnZbO
+RzAZsZM+peil3AkR2poUL9PZ8gcN1TpKG8vwKDHcAmYCSADhn8PC6XQDu9V+ZZcw
+zylULaQPDUBe7maukL+9j2qX+ToMTeS8Dh9SF1tmHfmP4+KdGe4/sd9cyf9Q6J99
+QkGStm+6g6I4d19Ax+RzvPN38PENY/T0HO6TyeDqFyte9HMnMJZ/6H7CkLBpWl8y
+XM9Bd1zt8ZaYAOknHyeBf/dpAd+CJbrRW8WnDY6C2tUHqJcDWHKDtnHS/+Fx6YEI
+MG5TnAZ0pCaGpGHlQcEVWkVMZhvG/Wwcy17TstO/J2hRA+kOi8z+/nE/WUj3TsZO
+9vCTKYyLBBQIuRab/51bhsff/sSDhdcP0PmP57704RBnO19PFrS3ibShUxOzll/l
+FXrkeIPFBGBHQBkM7LQWg41bSxpMue0GOx2WjW1mFD7ugLOh2CmsysQVwxbNgqYP
+MyK6E8IwYe/heem6tOsRmZ11/4l1FCysIMDmgDfXAHeXS1/jxTzvc0djLeVFmLVC
++NveSRmmwz6iNJw1pr/DprW2reHBx2owHj1J9vI8uft9s27dganv00ff7XUCAwEA
+AQKCAgEAr3HRsGSAEXK0XswdptU9Hq+l4PE/68AA4s6bKfje4DOaQ/Qk7isuPLGS
+iYbe+XDBaTA6pB91NtQ4xy+TgyEGAuz0OwLoEqcyH7eIwtC2vDDK0FA+jjDtc95F
+1/uvKnug8V9IP6x77F4eP6q5hkA0moAOxLpN472nfdk/gDlYA6FSsP92n6OCh3n3
+dOA+ok8rfoa3oK9LJNr8qk0Wd0IPF6rkWKuqyIIfMHRCO14OnoSzxFWk5kFafao2
+PsuoQR4zo9pLxi8oIod+oELMgCMGTBmjwir25Qm0izeFD07ewqWkwBpvqtmlBndW
+fP5A/NEGxDE5nKKmm2FQQdv9KMToquMNsVrF8n4pwVExgeZlvmKCMsgIf20x0QyR
+LqLNGwY/KmOMjI9rq5dBwPqE0FUmY12yU+f2znJ+cgsiw50D5M+0HCzfYzooH4qK
+KOuNuVyVFFBsRRWUDFF/8twtsCp8W2/Tf1xJV9iImD4tqbzmsyGLkGAMxR5PT6e6
+Ce7ibNmqFmR73lsPBPaKhYMkSt4WP6m9dkvXk71cMzUK6irPt6q48eaB59CpsCO/
+FEgqLzkptEsJGzBYGadLaMBT8C1z8af58q55IEZ8lg+ZXxKh4PflUEuZFrYbuJqw
+9Cut6Ojrtar6wpwqbFoKpu/NTD/EkLB1qzbA0RNcusRzk7iw9wECggEBAOP9bEAG
+/IsHVJ717w4dCrV02BzXlxl5eUgf0q39CGd9jic94tt3N34dY9l3k28yp3WK+Wx0
+ZUCkm0izG3SpQVSbMv9MrfHH7OIIRTtXnpu6cP5JBeoNpc2RJrhDZDcR0CW6GigQ
+NvUiHYGCuvQc9rzp+XGNlngmiTGZUf+GiqvBVzHVrCOX2uFNdPKxTxM9rnQqO1FG
+wdLsMK/4W3y7o2UuL0Gpe8cEcb8+oy0n8/IUSZeMXaxb26HMPoj5d51447bKfuaU
+P3He7UlXhLwIHJ3vB8GDj/GMRr2SiciCanym+lOh8zsjwokl7cN5m0SGWLcwRqN+
+gZfN0koMTSSWa70CggEBANq1FMJ8/TXx0UQNFsSBhAllpQAn0u6SVCdEoyxM+atm
+RsHQCqsN/wn8V3+tiE+zHgPfhYoFqyRIDzaZDKdqwQhoi+arEP53la1HXuU4zSOi
+hBXkuCjA9UR3m9CzvT8xxsfB8dLlhLOVkdHvoUsCgSWz2iYJWFCKCvm7E3HxDfsF
+XXN22KHN2J/mIlRjFd6yzhzgQfBENowg0Y187eItz15tADNcC03lKKqVoo74JZw6
+2N3IlL/thC5FySI84CfQ+eF62mnck9L40e52HKJRguQE96O9UXdfKdjl2EQfWnOQ
+WEwkjm5o1ZviB62iGDMCnmHglSZ47u8LLt3MCTlviBkCggEBAMYe+I3fRGCwmxmU
+EAxMsnyjMBZIRvcNN5a0iMlHhKEiW4DAZ75dqCyA778QCV/tPdaIUV2s/Dwjjwmr
+E2Xam3ohcDyo7tOX78MwerEp4Bvl9cETxf7xoy6zP1mKvrCYWzAdvBMqnAeDgO6F
+o171OHlMPccuyh5ZJomieb46tZCx78rPqso3cS6ut70a1eObi1lJRcjIWzCmrVyN
+zzrieAg6DTjbRkPZGdueXACmonewp475nIFmRcMhkQpI92gxoHi9GW/YThXvKna8
+hg08Y1nfWPcSE+lNBEBC8lb69fyiwhAhQRQYbDnwauCecY4nzTpLymbTTVyUsHRG
+olb0HGUCggEAEFNMBWiHDivKzyWa+XghfwITWvueByjtFzFMbNYiHOU5iuYYpcQZ
+sYkgjutJLYnVR7y7nx3lNIQcfprWEvkpB5OmPcWvMw+CILkfIEUpKuvKqEe2Z3Rf
+2oiDHQUNr1Xr3KVhg7iWO0GC7QTSKWM6eLIAKq6v5PMo9pM8VFkGDiLMYv4QFaPj
+86ueDGaJD2KReB5VTbYJzFP20HTu3N9Gh2njhfHs9heQ/YrF454qUIsj/Qon8Fuu
+bjXPWbrpkI9M18Pv4c8RScJBCWfPo14qQxML2TEcj6iO2x3tEsi0W8P+k1B3QU6a
+A1TP9eoPnF8pq2y0NXb5fuZ6zRuZ5KuqoQKCAQBzFS0ziD9A2WNcSwkjomuZtlDi
+roXDETgBQnX8pWCo1YO8p+OrC/Av2p69pHvhb7v28kB+oRvjbhbQ9BTmwuN9OsLC
+0gXsXuIBeJn+W7QuyyagRxUHrnfnhzVvmHUDRogdtwjw6ffpzdZ3CySZklAw2Qoq
+C9j4YZYjPd7tQccoSSpb8tNS27etoalTx2Dohqdj4yanUpD8bPUNaRl4VE7vi2aj
+2YPNDX0LxfPpgYwXAdDc8v9ZMQdee6nvWQ8gS16YjY3MCQdf/clpfkAoDPXFZ7H5
+huPOQXfp5IZbaiJ4N+GmNi4ZpfvYTThSjBb/ulprGIA3oo0x/gmpwcAgidub
+-----END RSA PRIVATE KEY-----
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-server.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-server.pem
new file mode 100644
index 00000000000..fda97c23bff
--- /dev/null
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-server.pem
@@ -0,0 +1,89 @@
+-----BEGIN CERTIFICATE-----
+MIIGmTCCBIGgAwIBAgIJAL+8WDUncZFYMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxv
+Y2FsaXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEG
+A1UECwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2Fs
+aG9zdDAeFw0yMDA1MTQyMjA0MjBaFw0yMTA1MTQyMjA0MjBaMIGuMQswCQYDVQQG
+EwJVUzELMAkGA1UECAwCTlkxJjAkBgNVBAcMHVRlc3RTZXJ2ZXJDZXJ0aWZpY2F0
+ZUxvY2FsaXR5MSEwHwYDVQQKDBhUZXN0U2VydmVyQ2VydGlmaWNhdGVPcmcxJTAj
+BgNVBAsMHFRlc3RTZXJ2ZXJDZXJ0aWZpY2F0ZU9yZ1VuaXQxIDAeBgNVBAMMF0h1
+YW5zLU1hY0Jvb2stUHJvLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEA5VGWSyzDu6A2t8qx8SuqnFqI0hto7Udak9zTeSDy9SjbtRvzlPuruKFF
+aq1atVJAuzIxzMaV0LLy70EH0LapBEmS+kFzQHwVSo06JaZwGEmWkrD13MW97Xva
+nargF4a8o0O3ZUL73/9SyeF6o7J1eJd9hVRY+YVez2HTbAr9AfObRGmhBKky3NdR
+SNuIT2aTS9eWsiJ7dexr26k5XIMoDQ7agvw+YvmrhAjsyeL8PkLY4U/8Rnb4PYtY
+/7VHkPNvN7Cd+A8GmWZAQGvEeX2VfYgjXUP+8+UrvOVpErtSGzzNNt3q17/qan2p
+mrmHl+lL4epy2f1if1aVT4CiEeqMa81yYiNpbeA6RIDd39bH5IsJOqy+vBqdwILq
+Pz0iDxm18DxUmcPcvLEPDiGOWRKAqvDmNZpIzTbbK9BzWRzaKdAxkIZVT406I70j
+Fp8QKcmfhN1LUg1YV30MnJjjzvVH3wTbM/a7kUSf2uPM1Eb5Ag4z9Q0s7zKjalTB
+qQDMUREPWMA0gufblfyFAYMhHDrqQdzy/JsCTkjtCngUgS/lwzunpA03gHRnq3DF
+IfVn9tTZzopJyCyeku7BrNGBW01DdkKdfMpKgiavIXRaZrg6KqrsngKPQjxijIqZ
+ixJSgHBQVd6fw040bAJsHtLQrpvbF+r6zKVKMVngxyOvfHe07acCAwEAAaOByzCB
+yDAdBgNVHQ4EFgQUh+CUXhE6z6rdlr4/zGgmIqrlYzgwCQYDVR0TBAIwADAOBgNV
+HQ8BAf8EBAMCBaAwVwYJYIZIAYb4QgENBEoWSE9wZW5TU0wgR2VuZXJhdGVkIENl
+cnRpZmljYXRlIGZvciBURVNUSU5HIG9ubHkuICBOT1QgRk9SIFBST0RVQ1RJT04g
+VVNFLjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwFAYDVR0RBA0wC4IJ
+bG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4ICAQAtyk+ncTEqkeCb/gvJTHZdqw1h
+e4J18kemOvtlypWeRfRTWgUKpaI6tMCQUG5XsWIxuawxchncdqJVJkAG45zeI7wQ
+kcIOA/Wk/RhCsnJ1hZufPn+p+CZPG7Y++ySKBjNZ53kkdyVytdO9AoK6knH0NQ5m
+3epsjBtyJAUczUR8pu/WaFmufxlxprqQdsRiH0QK6wpNfcGFUQ1Wg6sijlrfb42e
+IsBOsLIcZ0sCVG8QW3EAp99hiytuAbxpdAqRyH7/JvE2wPrhvw3tuyBCkehdJAqk
+/dfkJpwV9Rz/e/+R9Akw1D5WHZIBL+jGr/dMSKQaSMApw/s4F5ZZWOdK6S47rJNO
+5jyg6WdHpcoE5i0b/6jA6JtNUDJvryhzU99nx+9pnhob9GmdNL7kh10qqkc7CX6Z
+mmENaN94Yt8jbNSj8b7YcVshC3OH1PW7spvSarOiIPVUsORO6zF9HRELdjBpICyS
+hnmIcgbZsjzNRyeNFVw9YOygpREurfZToUkegv1sHVMyY6nxPNjBl2KZP2Z2jApJ
+mH8Jt8uE8Y6qa2ewdvehch7DoecuZBrY0qt9wWNjxJpBT6RJkHvNMbpbGwhK94zP
+2bzWjzagWEJbJlpltJchZba3rPe2I5rrSeOgri6D585Dvz/aUEu3Z/bEhpDw5UTy
+4HzTvJAU7K4T5Ku+Yw==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA5VGWSyzDu6A2t8qx8SuqnFqI0hto7Udak9zTeSDy9SjbtRvz
+lPuruKFFaq1atVJAuzIxzMaV0LLy70EH0LapBEmS+kFzQHwVSo06JaZwGEmWkrD1
+3MW97XvanargF4a8o0O3ZUL73/9SyeF6o7J1eJd9hVRY+YVez2HTbAr9AfObRGmh
+BKky3NdRSNuIT2aTS9eWsiJ7dexr26k5XIMoDQ7agvw+YvmrhAjsyeL8PkLY4U/8
+Rnb4PYtY/7VHkPNvN7Cd+A8GmWZAQGvEeX2VfYgjXUP+8+UrvOVpErtSGzzNNt3q
+17/qan2pmrmHl+lL4epy2f1if1aVT4CiEeqMa81yYiNpbeA6RIDd39bH5IsJOqy+
+vBqdwILqPz0iDxm18DxUmcPcvLEPDiGOWRKAqvDmNZpIzTbbK9BzWRzaKdAxkIZV
+T406I70jFp8QKcmfhN1LUg1YV30MnJjjzvVH3wTbM/a7kUSf2uPM1Eb5Ag4z9Q0s
+7zKjalTBqQDMUREPWMA0gufblfyFAYMhHDrqQdzy/JsCTkjtCngUgS/lwzunpA03
+gHRnq3DFIfVn9tTZzopJyCyeku7BrNGBW01DdkKdfMpKgiavIXRaZrg6KqrsngKP
+QjxijIqZixJSgHBQVd6fw040bAJsHtLQrpvbF+r6zKVKMVngxyOvfHe07acCAwEA
+AQKCAgEAq2Uidwd7OAYUP6RxAPeJKhmEv70a3JYDPhbDvHoC/XfPVvsQQN8lxvZK
+ouP0sydKGF/41rvqh7ToXCh3xehwRTMUdpVqpdzYMQODXVab25tMvlEjQiJNxW1X
+xZZMrWjYHxLixP2eshnsb9VmS2l74WkguQGFCuJDLa9JTSydU9MWzrhAT/KCgIsy
+RslGhUn+d6YoDPY23rmZF/HQXLPuwGvEqDgODP3c0u+0w2Qy8foWjbixrp0HB0Da
+gSyl09IO40nPl/LrFMZW6Y9ipwdVLyEMhY3nxbUYzrOMqCJ3yMHWA9czypO3imZn
+2Kwoi0MkozMPKpz2/IPjTyuudsOetR385rNLSAwSDPJiEu+oiC5+iyMdohfdeSJI
+11ttMGXs0FVR9eKOiMJJVhtMA4YTP29BkEvBHuWQjrpmPh2+FX1+EVr8mQbmDxlk
+lqbYYVyclUmg9CJ3fdwJia6v88gVIcmJLJGYqtjFoMFbf24qMP8+Vz3ck86n5l6x
+pHFKR9S4j8yGue70tFYWWkiUamJOfsDavqyDxpiR5Vwz+W+enpkao7KpZPIGfhM8
+g0ioCEA40Yq4grPGzByCSxOqE5RMsEY9iBY14EHXNESvFb+LPWozpyrxkaXwy7Zj
+pFJn6SoYjhO952BhTDal95bcA45dcE7o2VO3x4gSUa7pF8PhbYkCggEBAPWmPltO
+pp3dyd2yQGxXbVVduCBrgC2Kc5GKvlAKf94kr8Hy1w29vFQLF+jloYUXWgOfVZ78
+1uTzSsMuPHwcsYp6a5cqdcVxFarzECQGoahs7Pg5o0WKBRTCw3TUIs4l3UOAog/F
+Eq8M4qW/0idi9OHkOY8S8Wh8nSGHnvX2/m0vXLOl1ZBFs+T3ChikvRiy52RfPlSj
+FZ0wWnePuf1RtKDev4X/21zq3gQmJkGzT5rPIjt0iHE8CZrY5FXRWmT6/nYqXaRx
++FU8fwYdxp6EpsNXEbuuzak77BIzaNUxaQ5WklrHyp0T4raJgNCRfSEsbnSNiMO1
+qzcRh00CW6cUTj0CggEBAO77MEbXsRZgTKTGVyyKsSyn8TuJw6U0nkVID2+Bn325
+3o1XY/oLkCp/XlIcStrzNEi6CfJ6T5Tk52A6K6Sko3BGh1hiMSQEyqeT77Jnjp2V
+fGiXy8925QShmWushuz8RgyTf99mME7BVa78E4CqrHFBTM8S1poDfL+e7qrT2oTO
+yDbQgVacLJK5dop47XvicPvtXHPsDHsL1xl3oBoKYnei+L9HiO96VckCL6k2/2n+
+HuhRnKIbnw6gmCk13mlrHDE+xKEue4KQlfttxByRYXyzYLUQdgptsNE1KjAP8jKR
+vmRFik+XHjcJW8rcTeHYI72Xsj9Ni1OTtRbooZ9frbMCggEBALgxaG5kojCbXkM6
+5m2WfKfW9zpwAROkzhViuGMiDFEQpy1BnplyHKXUD6CVlrBKGze+IKBvK99Owk9p
++vaBOWsBcm1N7DMZIUsmqIKq6kp1KpbR+SgqXrb7dz3B1ztGTwvPhzVV6zWQ7t2j
+4Luhyscar0IlzRgw4E2E+N+rzYknS1Z1UZa1fTeBOXPTCutbMoAjnoQuKQXNfPhL
+sAVPX6aEf43FlMGuZr0rseHvxw/oot17+tcVUopmeYgTy7kOLwGBsOeegbu/+esn
+Jog0JSsxvV1CrHlqMhBPthqtyv1yUpl5V+bCQ2vl3M4HWZEnVMdWXSeKsBBBt3c5
+/mlgo20CggEAN+EMHMR6Z90EjtLBt2yGmQZ75YwE7zAqgdCjq1MH1AIOA8aXXfQu
+NYGqsFBlQGT1qLu3b7chvJL5dwqjAdBtVudm5kevbdig+iYhOfn04uv9NwenZE9M
+pZSTpxWkRu2GA5LJp5bhXMjgHBZdCQzfXWwDZbfl7gU6uiOTcuYuhjdDoW2HkJTb
+50LucNptzTXZbU7G+2QKVwshtJbAHNaox4iX2UIExto4DNQyCMMPXd1JpNDQaydC
+Pc1XRuuNoeClqu4eVAHmZ1UffLbh0Dw+K0ZWKoA62Z1kZsajorFX1HM3rYKFIK8Z
+JY1OpVR18YT0dnRt/VdIaLZ09XJXuEhK+QKCAQBUc/smXF3q4srCfhWu8DayQcoN
+pg1fD+bI3b56jNbQh1jcWnYxLE9hzlSSAI/fdHDGoLaPx/A8iCzZD9xFrK4sJ7Hl
+/j7em54PZ3a/gbGrwO00scWZa2mahfw/PzPkbMQIJFMux8CT/xaTPx91Sn66zwDr
+cF2nHV1GMY4rdbRwVuaT3lgvDJSqmuxgFuqIOHcl7gq23OZMFcSlrl4793yemhxR
+6yyCwyqnf6373rF6KyiR1tk94s/4LfWDiOEvmi9KW5PVoVtoy9dgk6itBLFvWPQR
+gsUP+CrZPsekUbcfJAvovgwGnJz0Sa+WfwFSMlgazQkFAwKrrr978w6IdGQj
+-----END RSA PRIVATE KEY-----
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go
index c26b7e2dc4f..bf64e9ab5c2 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go
@@ -40,7 +40,7 @@ func (c *TLSDBConnector) Configure(opts options.ToolOptions) error {
 
 	c.config = NewTLSConfig()
 
-	if opts.SSLAllowInvalidCert || opts.SSLAllowInvalidHost {
+	if opts.SSLAllowInvalidCert || opts.SSLAllowInvalidHost || opts.TLSInsecure {
 		c.config.SetInsecure(true)
 	}
 
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go
index 90052cd3205..96622109e96 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go
@@ -48,6 +48,8 @@ var (
 const IncompatibleArgsErrorFormat = "illegal argument combination: cannot specify %s and --uri"
 const ConflictingArgsErrorFormat = "illegal argument combination: %s conflicts with --uri"
 
+const deprecationWarningSSLAllow = "WARNING: --sslAllowInvalidCertificates and --sslAllowInvalidHostnames are deprecated, please use --tlsInsecure instead"
+
 // Struct encompassing all of the options that are reused across tools: "help",
 // "version", verbosity settings, ssl settings, etc.
 type ToolOptions struct {
@@ -139,9 +141,10 @@ type SSL struct {
 	SSLPEMKeyFile       string `long:"sslPEMKeyFile" value-name:"<filename>" description:"the .pem file containing the certificate and key"`
 	SSLPEMKeyPassword   string `long:"sslPEMKeyPassword" value-name:"<password>" description:"the password to decrypt the sslPEMKeyFile, if necessary"`
 	SSLCRLFile          string `long:"sslCRLFile" value-name:"<filename>" description:"the .pem file containing the certificate revocation list"`
-	SSLAllowInvalidCert bool   `long:"sslAllowInvalidCertificates" description:"bypass the validation for server certificates"`
-	SSLAllowInvalidHost bool   `long:"sslAllowInvalidHostnames" description:"bypass the validation for server name"`
+	SSLAllowInvalidCert bool   `long:"sslAllowInvalidCertificates" hidden:"true" description:"bypass the validation for server certificates"`
+	SSLAllowInvalidHost bool   `long:"sslAllowInvalidHostnames" hidden:"true" description:"bypass the validation for server name"`
 	SSLFipsMode         bool   `long:"sslFIPSMode" description:"use FIPS mode of the installed openssl library"`
+	TLSInsecure         bool   `long:"tlsInsecure" description:"bypass the validation for server's certificate chain and host name"`
 }
 
 // Struct holding auth-related options
@@ -426,6 +429,10 @@ func (o *ToolOptions) ParseArgs(args []string) ([]string, error) {
 		return []string{}, err
 	}
 
+	if o.SSLAllowInvalidCert || o.SSLAllowInvalidHost {
+		log.Logvf(log.Always, deprecationWarningSSLAllow)
+	}
+
 	// connect directly, unless a replica set name is explicitly specified
 	if o.Host != "" {
 		_, o.ReplicaSetName = util.ParseConnectionString(o.Host)
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go
index fbf603c8947..6d2150df9fc 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go
@@ -7,8 +7,12 @@
 package options
 
 import (
+	"bytes"
 	"github.com/mongodb/mongo-tools/common/connstring"
+	"github.com/mongodb/mongo-tools/common/log"
+	"github.com/mongodb/mongo-tools/common/testtype"
 	. "github.com/smartystreets/goconvey/convey"
+	"os"
 
 	"runtime"
 	"testing"
@@ -422,3 +426,46 @@ func TestHiddenOptionsDefaults(t *testing.T) {
 	})
 
 }
+
+func TestDeprecationWarning(t *testing.T) {
+	if !testtype.HasTestType(testtype.SSLTestType) {
+		t.SkipNow()
+	}
+
+	Convey("deprecate message", t, func() {
+		var buffer bytes.Buffer
+
+		log.SetWriter(&buffer)
+		defer log.SetWriter(os.Stderr)
+
+		Convey("Warning for sslAllowInvalidHostnames", func() {
+			enabled := EnabledOptions{Connection: true}
+			opts := New("test", "", enabled)
+			args := []string{"--sslAllowInvalidHostnames", "mongodb://user:pass@foo/"}
+			_, err := opts.ParseArgs(args)
+			So(err, ShouldBeNil)
+			result := buffer.String()
+			So(result, ShouldContainSubstring, deprecationWarningSSLAllow)
+		})
+
+		Convey("Warning for sslAllowInvalidCertificates", func() {
+			enabled := EnabledOptions{Connection: true}
+			opts := New("test", "", enabled)
+			args := []string{"--ssl", "--sslAllowInvalidCertificates", "mongodb://user:pass@foo/"}
+			_, err := opts.ParseArgs(args)
+			So(err, ShouldBeNil)
+			result := buffer.String()
+			So(result, ShouldContainSubstring, deprecationWarningSSLAllow)
+		})
+
+		Convey("No Warning for tlsInsecure", func() {
+			enabled := EnabledOptions{Connection: true}
+			opts := New("test", "", enabled)
+			args := []string{"--ssl", "--tlsInsecure", "mongodb://user:pass@foo/"}
+			_, err := opts.ParseArgs(args)
+			So(err, ShouldBeNil)
+			result := buffer.String()
+			So(result, ShouldNotContainSubstring, deprecationWarningSSLAllow)
+		})
+	})
+}
\ No newline at end of file
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go
index 8fc9293bd17..008066f05ee 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go
@@ -15,8 +15,8 @@ func GetSSLOptions() commonOpts.SSL {
 	if testtype.HasTestType(testtype.SSLTestType) {
 		return commonOpts.SSL{
 			UseSSL:        true,
-			SSLCAFile:     "../common/db/openssl/testdata/ca.pem",
-			SSLPEMKeyFile: "../common/db/openssl/testdata/server.pem",
+			SSLCAFile:     "../common/db/openssl/testdata/ca-ia.pem",
+			SSLPEMKeyFile: "../common/db/openssl/testdata/test-client.pem",
 		}
 	}
 
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data
index b1d2933e3e1..ce1ad9da21b 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data
@@ -1,6 +1,6 @@
 {
-    "commit": "a7ddcd8fc366b071f3fa359d277677812cc5c2ce", 
-    "github": "mongodb/mongo-tools.git", 
-    "vendor": "tools", 
-    "branch": "v3.6"
+    "vendor": "tools",
+    "github": "mongodb/mongo-tools.git",
+    "branch": "v3.6",
+    "commit": "27c04a6448462549a61aa1403ad3a09dde2ec9b5"
 }