author | huan-Mongo <huan.li@mongodb.com> | 2020-09-24 17:47:41 -0400 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-09-25 01:48:18 +0000 |
commit | be850a07b04d1af6cae9f38800fa618a333b55c3 (patch) | |
tree | d9c3381c530bc58c62d6afc4884a8724867032e6 | |
parent | 82daedc0abbea3acdd22e99ba0c2639a297bc9bb (diff) | |
download | mongo-be850a07b04d1af6cae9f38800fa618a333b55c3.tar.gz |
Import tools: 5e7a60750012f5b1649ce39bca92802660e1893d from branch v4.0
ref: 39676d8c63..5e7a607500
for: 4.0.21
TOOLS-2589 [v4.0] sslAllowInvalidHostnames bypass ssl/tls server certification validation entirely
9 files changed, 310 insertions, 11 deletions
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml index cea38be8eb4..f58aca77a46 100644 --- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml +++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common.yml @@ -274,7 +274,7 @@ mongo_tools_variables: mongod_args: "" mongod_port: 33333 ssl: &mongod_ssl_startup_args - mongod_args: "--sslMode requireSSL --sslCAFile common/db/openssl/testdata/ca.pem --sslPEMKeyFile common/db/openssl/testdata/server.pem" + mongod_args: "--sslMode requireSSL --sslCAFile common/db/openssl/testdata/ca-ia.pem --sslPEMKeyFile common/db/openssl/testdata/test-server.pem" mongod_port: 33333 # Set storage engine as mmapv1 for 32 bit variants because WiredTiger requires 64 bit support. win32: &mongod_win32_startup_args @@ -286,7 +286,7 @@ mongo_tools_variables: mongo_args: &mongo_default_startup_args_string "--port 33333" mongod_port: 33333 ssl: &mongo_ssl_startup_args - mongo_args: "--port 33333 --ssl --sslCAFile ./common/db/openssl/testdata/ca.pem --sslPEMKeyFile ./common/db/openssl/testdata/server.pem --sslAllowInvalidCertificates" + mongo_args: "--port 33333 --ssl --sslCAFile ./common/db/openssl/testdata/ca-ia.pem --sslPEMKeyFile ./common/db/openssl/testdata/test-server.pem --sslAllowInvalidCertificates" mongod_port: 33333 functions: diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca-ia.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca-ia.pem new file mode 100644 index 00000000000..5df2065cdc4 --- /dev/null +++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/ca-ia.pem 
@@ -0,0 +1,77 @@ +-----BEGIN CERTIFICATE----- +MIIGuTCCBKGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5h +bWUxHzAdBgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRl +c3RDZXJ0aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcN +MjAwNTE0MjIwNDA4WhcNMjIwNTE0MjIwNDA4WjCBmjELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5hbWUx +HzAdBgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRlc3RD +ZXJ0aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvai9QUGngMN2KStKblKKL2wbmeje0 +ciFDqgKE1NeYnVXSb+2Gfh0GsfMlPAHLnrJJavxP+hlEtE7xAUzMXRpG+1UlF/9F +GoOVXbiD4kcJStnpAem1Rekdnno/BjHnXHi6ICcSzHIj79hZP1duwtBVpbsZL4ex +NxGJUbQI/HXP4Ii/a6PgVmr214I0Gvzv5vuqqyUzrTqXia5MPjs74Dx6vlxec1RP +KTweLCOQDv3qyYaTmp9zTflOUXQ5PZYCudhasegZBz/M3dZ/DKEHdmLbgZIEeMO/ +Q0aNeS2nv/6vrM/eNlxC9Pojl4ilJX+O91JfcrKBQHbsArc0YTeFI2MVtFVr9ZMc +1tDskKOciT4eBkyQ5Fxj6PXqY6drFGTU34v3agbMQ2MuOoEzuU0sa29aIHxU4f1J +mIHzBx2jQBMhNQoyV8/f/ww85hRI409vFTpKsksQUCphfoAzZkDgE1K1HTmm9EoE +ALpHYXed/9HqIhhPDvi5rM+YbO+oA8RMWIBfYYigXBbggpkRXJzj1Rszpog9LWvV +REZZt7/zMKFUVdA6ZX1xPq+YD2LI0GJQPKKFOFZlU8l4hgm28mXNu4cRWALFfQ2p +oyzqCXDrL8mg6PQMm31SeJYJVoHBxmK3GHm9Xmx/ATJdGzLKOWasA9AQ0ZB4N2EO +SEyiFmYiR3JfpQIDAQABo4IBBjCCAQIwHQYDVR0OBBYEFA1nxNTcT9PtIMze0tTW +om9ezkwiMA8GA1UdEwEB/wQFMAMBAf8wgc8GA1UdIwSBxzCBxIAUS5yyG3e0ez1O +UUuyICi2AEQan7ChgaCkgZ0wgZoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEk +MCIGA1UEBwwbVGVzdENlcnRpZmljYXRlTG9jYWxpdHlOYW1lMR8wHQYDVQQKDBZU +ZXN0Q2VydGlmaWNhdGVPcmdOYW1lMSMwIQYDVQQLDBpUZXN0Q2VydGlmaWNhdGVP +cmdVbml0TmFtZTESMBAGA1UEAwwJbG9jYWxob3N0ggkAmupop0NK8BQwDQYJKoZI +hvcNAQELBQADggIBALncufwQDoui6iUBMFwP7VM87EHmkYLfnKG2Jdmcb8zKZ2G/ +umS1glYpPtyFISzo3TZH2kY1x0pwFjuS9zjt+Y7OgmT0Ktqg8Z4iLD7Qf3bPe/2t +P1gbPyiLQsVoa1StaYYZ9pn/AO4Cm/LenwdtpQLDrR8GIS4GEpYLjSRMor83QlbV +rb7zJoUf13Ycu996rAoXyeDQ7CFiT9eHh9/7YewKW3c6eaWwSeJcMfOBqZSZiD0h 
+e95s2MeMcFhBQtWNnGWdja/PqP/7EgQ2h4ts1mmiPfchvBN06xOHivq43C0J/M7P +VsGJ2GoHZjRhaZ73J4Uq2sQqqQot+aJeKSFjrxEEajd1NAbRTF3HBturErOS2XT0 +WGMT2mzRvU7ATQyDtp3sDkrJfEhGIyOIqosnqvlgaA3aEHF83FRbtaUi1TElURc5 +u8ter2eSQbjPRADpY/ox26Oca//DeSm3eEa6zTWTYxD2MPE5EPHtoljVxpDipxkv +XDOwXi2sR6oQMdz11W2jYibVOY4thFsm+FtfIa5jg7ycG9ASuvAupkU5auKU8W+Z +iDDJI3gHyiD3AKvaoBHIpSTVVQlKryTbo2IIbeerrimxfPjy2mSBsec463KUjpoN +50WdDp2BcCQqN+I0GEp4zcGLO4DqzOBaeWxy7jCQRVKfv8V2zKZ2X1w2u3Nk +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGwTCCBKmgAwIBAgIJAJrqaKdDSvAUMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxv +Y2FsaXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEG +A1UECwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2Fs +aG9zdDAeFw0yMDA1MTQyMjAzMzNaFw0yNTA1MTQyMjAzMzNaMIGaMQswCQYDVQQG +EwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxvY2Fs +aXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEGA1UE +CwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2FsaG9z +dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMwgKFmX/uEl/PeSeqzT +HeEyoDr0F7u6sbkHFciH7Jfo/6X4eoCannF9HV6I1enHBy5tDl6+otaSYq+3bPNt +QgHIFjXwGO+lPV6eVv14eA5LOl8Qx3oAQsZAf3Xqdtbr6M8BdkIvATcZMkhGrGNh +X2IuRi2HlyRNlYv50kzI+MBvW0tBDx3XuSBeRcdTEqKr+TIuuV75tGekfto/YMfW +nTbivL7t51B97nhc8aHMP/TfXwkNbEIvTuNAFZRhB23irfkV9X+MtawytZOLxL+r +I0dQj3RE/ltZK04kNXT4MUt0QiWqOi+Y7ATOAyaP3ZN+IRtYCNE2R5o3a4HCGS0n +i0Lm3KPZzHt/iYfyX8l/kG8msL6mhdnKL99skEZO3aFGfm80MGWfMxx0NcGx62/J +APV9mrbusMk34BwNjjpVsb+Gx3Y7gGFxYvSj7HYyoldk0bH79noUEeAKKzMJFxS9 +MvX5/t+7tB9Ulbvz/nrd1sk/JuVIo8+HczmThrIYbci+sA89NxIHzDywkMEqj+gr +8Qx5W0gWhT19MJiwdCqQQFl4OnBxqglKaFoAWIVIgKkYZvhAqd7cUWMMuvSL0yvD +8+cdT/jomTLoYM439O7xDvMxbuyCh+CPzxPl6UkPCzsG/1SOgSJFxX8/CRWgQOTp +iJ1a34+Z6sn/a1jGYOAwnHNrAgMBAAGjggEGMIIBAjAdBgNVHQ4EFgQUS5yyG3e0 +ez1OUUuyICi2AEQan7AwDwYDVR0TAQH/BAUwAwEB/zCBzwYDVR0jBIHHMIHEgBRL +nLIbd7R7PU5RS7IgKLYARBqfsKGBoKSBnTCBmjELMAkGA1UEBhMCVVMxCzAJBgNV 
+BAgMAk5ZMSQwIgYDVQQHDBtUZXN0Q2VydGlmaWNhdGVMb2NhbGl0eU5hbWUxHzAd +BgNVBAoMFlRlc3RDZXJ0aWZpY2F0ZU9yZ05hbWUxIzAhBgNVBAsMGlRlc3RDZXJ0 +aWZpY2F0ZU9yZ1VuaXROYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3SCCQCa6minQ0rw +FDANBgkqhkiG9w0BAQsFAAOCAgEANMKU0hTWibbZJ2YgMWZfxyXJL/RmsUYr30lC +4FpzGQ1RZX8Gf4ewKvouyk+14z1x7wx5U78Gy0ahcP/Ek0Od2+hW6t36ImtJIk1Y +bOP3il02as1TRwNeZ3P6XjKZ61MoW4QBg/ekJLZ84yIY6ZcJYGR9N47nM3Mqgt/Q +myMa862VPraoiwXx52DTITNG8G4w0YKB/bwQuR8xfFZYzvEaFpc2XDFiY333jmLq +iEAnMBFjVdgGVTbaGtdaiswnRwZEqJzxZbwNpjfeqL1/G2geMWO8BHXRbtRydizG +iCmPqO+wUjbsazgydK9KXtpp/qwDsSPOuNE16W8nEv64rPNpGmATi7e3zdSHAtsz +nq5ggZsVEy23Pc8HtLOaLruMCx/R0EVq/1vY7OVfT/fjCDNkUbp0cWfsFLbTGReg +qucgU19sGElq+yOvD7yF/Cet5d+jFB7bavot2/rHrNywvDYo7Y46FnOnyeCogeD1 +ozyHl6tb7DepnRIh0lP6HJUdjr61tBgcQ0yZDInkde5bAvKLPwOsWCKI754We5Np +p/Db5UB8tAU1dSnC1tsP4ktClzbAnZfN3iYZPVKbg+s868cl9ujutWg7EuHEDlWJ +Sv/UL2kVgWJs3AbKy+qhQOiK7+Qm0xEVvhNXaCXGBH903etaX8yV9T2qHLLg57ph +z51DrF0= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-client.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-client.pem new file mode 100644 index 00000000000..e7334b36649 --- /dev/null +++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-client.pem 
@@ -0,0 +1,88 @@ +-----BEGIN CERTIFICATE----- +MIIGYTCCBEmgAwIBAgIJAL+8WDUncZFZMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxv +Y2FsaXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEG +A1UECwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2Fs +aG9zdDAeFw0yMDA1MTQyMjU2MzRaFw0yMTA1MTQyMjU2MzRaMIGMMQswCQYDVQQG +EwJVUzELMAkGA1UECAwCTlkxJjAkBgNVBAcMHVRlc3RDbGllbnRDZXJ0aWZpY2F0 +ZUxvY2FsaXR5MSEwHwYDVQQKDBhUZXN0Q2xpZW50Q2VydGlmaWNhdGVPcmcxJTAj +BgNVBAsMHFRlc3RDbGllbnRDZXJ0aWZpY2F0ZU9yZ1VuaXQwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQDCxxLZEQlJ8WKABPr7d74ra/Mqh6dPwk0Zos5A +r3JIlq6/OJ91k0GjgewQn8N/Jhr3BYhlscXhuB1C0gI7agbi58fU8TMOvcqsDM3G +T9XehOedls5HMBmxkz6l6KXcCRHamhQv09nyBw3VOkoby/AoMdwCZgJIAOGfw8Lp +dAO71X5llzDPKVQtpA8NQF7uZq6Qv72Papf5OgxN5LwOH1IXW2Yd+Y/j4p0Z7j+x +31zJ/1Don31CQZK2b7qDojh3X0DH5HO883fw8Q1j9PQc7pPJ4OoXK170cycwln/o +fsKQsGlaXzJcz0F3XO3xlpgA6ScfJ4F/92kB34IlutFbxacNjoLa1QeolwNYcoO2 +cdL/4XHpgQgwblOcBnSkJoakYeVBwRVaRUxmG8b9bBzLXtOy078naFED6Q6LzP7+ +cT9ZSPdOxk728JMpjIsEFAi5Fpv/nVuGx9/+xIOF1w/Q+Y/nvvThEGc7X08WtLeJ +tKFTE7OWX+UVeuR4g8UEYEdAGQzstBaDjVtLGky57QY7HZaNbWYUPu6As6HYKazK +xBXDFs2Cpg8zIroTwjBh7+F56bq06xGZnXX/iXUULKwgwOaAN9cAd5dLX+PFPO9z +R2Mt5UWYtUL4295JGabDPqI0nDWmv8Omtbat4cHHajAePUn28jy5+32zbt2Bqe/T +R9/tdQIDAQABo4G1MIGyMB0GA1UdDgQWBBQMaRN+ZH/PO1MrfSYYsOoSRXuR7jAJ +BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDBXBglghkgBhvhCAQ0EShZIT3BlblNT +TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgZm9yIFRFU1RJTkcgb25seS4gIE5PVCBG +T1IgUFJPRFVDVElPTiBVU0UuMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAgEAgCSb//bj5EOp6v8mvmn688e34DHRevkrBfUt +SrVyO7vsuZvb0xa8nAKnvpH6h85n5S6VDBKznQndYOPYX1w7QeJK6ZHJYNv9wRs3 +9bO7hT9LiRIas+DwEAheW9KRC2U1xtHNlr5UnkbWqfK0n4u/b1oJKA2wz0wl+B/k +tbZgEYaa8RIMc0uOel4hzaYUygXKNL8JXoDGzXKqcUO/a7tCW55CQQW8o5NT8sTX +wwGyNl3vjxxjL3DDJd8HdE3pqnh3Q8sYihipF6K6KGfAj6N4ZH1lZfwP+n7C5vHf +w5XXhrJ0il+psjSbnGWtZx5GOC1axx1xUxfOMGY//iiwnzSqXfghBX2eMHix1RuB 
+4vmLDI6l/t2LfI84Xm+BYrOed6jkb2pfGsK9WK8jzeEX6zkZSDBeHU7ztD7/Jc3p +Ggl9vRji4Gdqf1rXfiy6P3ke8rVFEoWT73Ocqa+pPhVUhVt4VPnG7dxw3hIA+WOX +GUOkdG5BLBByhixgTv/dK6B5ka+Y4qfFHRB+DvlMnmDRu+q3fhpAsG2ED6xapLOa +eDRJYVtFPlgtGzT+b38tnbWHDzk7OCjJdRGF9x+gBZuLsxfhJ4wKcFrbwie+aypj +5QrzX7X9PG36YCcQPxvzHDwH1OGJaqcd/ZUwHxCapPGamC2jSM5ATzhgTNTFDxVh +On1Mo4o= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAwscS2REJSfFigAT6+3e+K2vzKoenT8JNGaLOQK9ySJauvzif +dZNBo4HsEJ/DfyYa9wWIZbHF4bgdQtICO2oG4ufH1PEzDr3KrAzNxk/V3oTnnZbO +RzAZsZM+peil3AkR2poUL9PZ8gcN1TpKG8vwKDHcAmYCSADhn8PC6XQDu9V+ZZcw +zylULaQPDUBe7maukL+9j2qX+ToMTeS8Dh9SF1tmHfmP4+KdGe4/sd9cyf9Q6J99 +QkGStm+6g6I4d19Ax+RzvPN38PENY/T0HO6TyeDqFyte9HMnMJZ/6H7CkLBpWl8y +XM9Bd1zt8ZaYAOknHyeBf/dpAd+CJbrRW8WnDY6C2tUHqJcDWHKDtnHS/+Fx6YEI +MG5TnAZ0pCaGpGHlQcEVWkVMZhvG/Wwcy17TstO/J2hRA+kOi8z+/nE/WUj3TsZO +9vCTKYyLBBQIuRab/51bhsff/sSDhdcP0PmP57704RBnO19PFrS3ibShUxOzll/l +FXrkeIPFBGBHQBkM7LQWg41bSxpMue0GOx2WjW1mFD7ugLOh2CmsysQVwxbNgqYP +MyK6E8IwYe/heem6tOsRmZ11/4l1FCysIMDmgDfXAHeXS1/jxTzvc0djLeVFmLVC ++NveSRmmwz6iNJw1pr/DprW2reHBx2owHj1J9vI8uft9s27dganv00ff7XUCAwEA +AQKCAgEAr3HRsGSAEXK0XswdptU9Hq+l4PE/68AA4s6bKfje4DOaQ/Qk7isuPLGS +iYbe+XDBaTA6pB91NtQ4xy+TgyEGAuz0OwLoEqcyH7eIwtC2vDDK0FA+jjDtc95F +1/uvKnug8V9IP6x77F4eP6q5hkA0moAOxLpN472nfdk/gDlYA6FSsP92n6OCh3n3 +dOA+ok8rfoa3oK9LJNr8qk0Wd0IPF6rkWKuqyIIfMHRCO14OnoSzxFWk5kFafao2 +PsuoQR4zo9pLxi8oIod+oELMgCMGTBmjwir25Qm0izeFD07ewqWkwBpvqtmlBndW +fP5A/NEGxDE5nKKmm2FQQdv9KMToquMNsVrF8n4pwVExgeZlvmKCMsgIf20x0QyR +LqLNGwY/KmOMjI9rq5dBwPqE0FUmY12yU+f2znJ+cgsiw50D5M+0HCzfYzooH4qK +KOuNuVyVFFBsRRWUDFF/8twtsCp8W2/Tf1xJV9iImD4tqbzmsyGLkGAMxR5PT6e6 +Ce7ibNmqFmR73lsPBPaKhYMkSt4WP6m9dkvXk71cMzUK6irPt6q48eaB59CpsCO/ +FEgqLzkptEsJGzBYGadLaMBT8C1z8af58q55IEZ8lg+ZXxKh4PflUEuZFrYbuJqw +9Cut6Ojrtar6wpwqbFoKpu/NTD/EkLB1qzbA0RNcusRzk7iw9wECggEBAOP9bEAG +/IsHVJ717w4dCrV02BzXlxl5eUgf0q39CGd9jic94tt3N34dY9l3k28yp3WK+Wx0 +ZUCkm0izG3SpQVSbMv9MrfHH7OIIRTtXnpu6cP5JBeoNpc2RJrhDZDcR0CW6GigQ 
+NvUiHYGCuvQc9rzp+XGNlngmiTGZUf+GiqvBVzHVrCOX2uFNdPKxTxM9rnQqO1FG +wdLsMK/4W3y7o2UuL0Gpe8cEcb8+oy0n8/IUSZeMXaxb26HMPoj5d51447bKfuaU +P3He7UlXhLwIHJ3vB8GDj/GMRr2SiciCanym+lOh8zsjwokl7cN5m0SGWLcwRqN+ +gZfN0koMTSSWa70CggEBANq1FMJ8/TXx0UQNFsSBhAllpQAn0u6SVCdEoyxM+atm +RsHQCqsN/wn8V3+tiE+zHgPfhYoFqyRIDzaZDKdqwQhoi+arEP53la1HXuU4zSOi +hBXkuCjA9UR3m9CzvT8xxsfB8dLlhLOVkdHvoUsCgSWz2iYJWFCKCvm7E3HxDfsF +XXN22KHN2J/mIlRjFd6yzhzgQfBENowg0Y187eItz15tADNcC03lKKqVoo74JZw6 +2N3IlL/thC5FySI84CfQ+eF62mnck9L40e52HKJRguQE96O9UXdfKdjl2EQfWnOQ +WEwkjm5o1ZviB62iGDMCnmHglSZ47u8LLt3MCTlviBkCggEBAMYe+I3fRGCwmxmU +EAxMsnyjMBZIRvcNN5a0iMlHhKEiW4DAZ75dqCyA778QCV/tPdaIUV2s/Dwjjwmr +E2Xam3ohcDyo7tOX78MwerEp4Bvl9cETxf7xoy6zP1mKvrCYWzAdvBMqnAeDgO6F +o171OHlMPccuyh5ZJomieb46tZCx78rPqso3cS6ut70a1eObi1lJRcjIWzCmrVyN +zzrieAg6DTjbRkPZGdueXACmonewp475nIFmRcMhkQpI92gxoHi9GW/YThXvKna8 +hg08Y1nfWPcSE+lNBEBC8lb69fyiwhAhQRQYbDnwauCecY4nzTpLymbTTVyUsHRG +olb0HGUCggEAEFNMBWiHDivKzyWa+XghfwITWvueByjtFzFMbNYiHOU5iuYYpcQZ +sYkgjutJLYnVR7y7nx3lNIQcfprWEvkpB5OmPcWvMw+CILkfIEUpKuvKqEe2Z3Rf +2oiDHQUNr1Xr3KVhg7iWO0GC7QTSKWM6eLIAKq6v5PMo9pM8VFkGDiLMYv4QFaPj +86ueDGaJD2KReB5VTbYJzFP20HTu3N9Gh2njhfHs9heQ/YrF454qUIsj/Qon8Fuu +bjXPWbrpkI9M18Pv4c8RScJBCWfPo14qQxML2TEcj6iO2x3tEsi0W8P+k1B3QU6a +A1TP9eoPnF8pq2y0NXb5fuZ6zRuZ5KuqoQKCAQBzFS0ziD9A2WNcSwkjomuZtlDi +roXDETgBQnX8pWCo1YO8p+OrC/Av2p69pHvhb7v28kB+oRvjbhbQ9BTmwuN9OsLC +0gXsXuIBeJn+W7QuyyagRxUHrnfnhzVvmHUDRogdtwjw6ffpzdZ3CySZklAw2Qoq +C9j4YZYjPd7tQccoSSpb8tNS27etoalTx2Dohqdj4yanUpD8bPUNaRl4VE7vi2aj +2YPNDX0LxfPpgYwXAdDc8v9ZMQdee6nvWQ8gS16YjY3MCQdf/clpfkAoDPXFZ7H5 +huPOQXfp5IZbaiJ4N+GmNi4ZpfvYTThSjBb/ulprGIA3oo0x/gmpwcAgidub +-----END RSA PRIVATE KEY-----
\ No newline at end of file diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-server.pem b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-server.pem new file mode 100644 index 00000000000..fda97c23bff --- /dev/null +++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/openssl/testdata/test-server.pem 
@@ -0,0 +1,89 @@ +-----BEGIN CERTIFICATE----- +MIIGmTCCBIGgAwIBAgIJAL+8WDUncZFYMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTlkxJDAiBgNVBAcMG1Rlc3RDZXJ0aWZpY2F0ZUxv +Y2FsaXR5TmFtZTEfMB0GA1UECgwWVGVzdENlcnRpZmljYXRlT3JnTmFtZTEjMCEG +A1UECwwaVGVzdENlcnRpZmljYXRlT3JnVW5pdE5hbWUxEjAQBgNVBAMMCWxvY2Fs +aG9zdDAeFw0yMDA1MTQyMjA0MjBaFw0yMTA1MTQyMjA0MjBaMIGuMQswCQYDVQQG +EwJVUzELMAkGA1UECAwCTlkxJjAkBgNVBAcMHVRlc3RTZXJ2ZXJDZXJ0aWZpY2F0 +ZUxvY2FsaXR5MSEwHwYDVQQKDBhUZXN0U2VydmVyQ2VydGlmaWNhdGVPcmcxJTAj +BgNVBAsMHFRlc3RTZXJ2ZXJDZXJ0aWZpY2F0ZU9yZ1VuaXQxIDAeBgNVBAMMF0h1 +YW5zLU1hY0Jvb2stUHJvLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA5VGWSyzDu6A2t8qx8SuqnFqI0hto7Udak9zTeSDy9SjbtRvzlPuruKFF +aq1atVJAuzIxzMaV0LLy70EH0LapBEmS+kFzQHwVSo06JaZwGEmWkrD13MW97Xva +nargF4a8o0O3ZUL73/9SyeF6o7J1eJd9hVRY+YVez2HTbAr9AfObRGmhBKky3NdR +SNuIT2aTS9eWsiJ7dexr26k5XIMoDQ7agvw+YvmrhAjsyeL8PkLY4U/8Rnb4PYtY +/7VHkPNvN7Cd+A8GmWZAQGvEeX2VfYgjXUP+8+UrvOVpErtSGzzNNt3q17/qan2p +mrmHl+lL4epy2f1if1aVT4CiEeqMa81yYiNpbeA6RIDd39bH5IsJOqy+vBqdwILq +Pz0iDxm18DxUmcPcvLEPDiGOWRKAqvDmNZpIzTbbK9BzWRzaKdAxkIZVT406I70j +Fp8QKcmfhN1LUg1YV30MnJjjzvVH3wTbM/a7kUSf2uPM1Eb5Ag4z9Q0s7zKjalTB +qQDMUREPWMA0gufblfyFAYMhHDrqQdzy/JsCTkjtCngUgS/lwzunpA03gHRnq3DF +IfVn9tTZzopJyCyeku7BrNGBW01DdkKdfMpKgiavIXRaZrg6KqrsngKPQjxijIqZ +ixJSgHBQVd6fw040bAJsHtLQrpvbF+r6zKVKMVngxyOvfHe07acCAwEAAaOByzCB +yDAdBgNVHQ4EFgQUh+CUXhE6z6rdlr4/zGgmIqrlYzgwCQYDVR0TBAIwADAOBgNV +HQ8BAf8EBAMCBaAwVwYJYIZIAYb4QgENBEoWSE9wZW5TU0wgR2VuZXJhdGVkIENl +cnRpZmljYXRlIGZvciBURVNUSU5HIG9ubHkuICBOT1QgRk9SIFBST0RVQ1RJT04g +VVNFLjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwFAYDVR0RBA0wC4IJ +bG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4ICAQAtyk+ncTEqkeCb/gvJTHZdqw1h +e4J18kemOvtlypWeRfRTWgUKpaI6tMCQUG5XsWIxuawxchncdqJVJkAG45zeI7wQ +kcIOA/Wk/RhCsnJ1hZufPn+p+CZPG7Y++ySKBjNZ53kkdyVytdO9AoK6knH0NQ5m +3epsjBtyJAUczUR8pu/WaFmufxlxprqQdsRiH0QK6wpNfcGFUQ1Wg6sijlrfb42e +IsBOsLIcZ0sCVG8QW3EAp99hiytuAbxpdAqRyH7/JvE2wPrhvw3tuyBCkehdJAqk 
+/dfkJpwV9Rz/e/+R9Akw1D5WHZIBL+jGr/dMSKQaSMApw/s4F5ZZWOdK6S47rJNO +5jyg6WdHpcoE5i0b/6jA6JtNUDJvryhzU99nx+9pnhob9GmdNL7kh10qqkc7CX6Z +mmENaN94Yt8jbNSj8b7YcVshC3OH1PW7spvSarOiIPVUsORO6zF9HRELdjBpICyS +hnmIcgbZsjzNRyeNFVw9YOygpREurfZToUkegv1sHVMyY6nxPNjBl2KZP2Z2jApJ +mH8Jt8uE8Y6qa2ewdvehch7DoecuZBrY0qt9wWNjxJpBT6RJkHvNMbpbGwhK94zP +2bzWjzagWEJbJlpltJchZba3rPe2I5rrSeOgri6D585Dvz/aUEu3Z/bEhpDw5UTy +4HzTvJAU7K4T5Ku+Yw== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA5VGWSyzDu6A2t8qx8SuqnFqI0hto7Udak9zTeSDy9SjbtRvz +lPuruKFFaq1atVJAuzIxzMaV0LLy70EH0LapBEmS+kFzQHwVSo06JaZwGEmWkrD1 +3MW97XvanargF4a8o0O3ZUL73/9SyeF6o7J1eJd9hVRY+YVez2HTbAr9AfObRGmh +BKky3NdRSNuIT2aTS9eWsiJ7dexr26k5XIMoDQ7agvw+YvmrhAjsyeL8PkLY4U/8 +Rnb4PYtY/7VHkPNvN7Cd+A8GmWZAQGvEeX2VfYgjXUP+8+UrvOVpErtSGzzNNt3q +17/qan2pmrmHl+lL4epy2f1if1aVT4CiEeqMa81yYiNpbeA6RIDd39bH5IsJOqy+ +vBqdwILqPz0iDxm18DxUmcPcvLEPDiGOWRKAqvDmNZpIzTbbK9BzWRzaKdAxkIZV +T406I70jFp8QKcmfhN1LUg1YV30MnJjjzvVH3wTbM/a7kUSf2uPM1Eb5Ag4z9Q0s +7zKjalTBqQDMUREPWMA0gufblfyFAYMhHDrqQdzy/JsCTkjtCngUgS/lwzunpA03 +gHRnq3DFIfVn9tTZzopJyCyeku7BrNGBW01DdkKdfMpKgiavIXRaZrg6KqrsngKP +QjxijIqZixJSgHBQVd6fw040bAJsHtLQrpvbF+r6zKVKMVngxyOvfHe07acCAwEA +AQKCAgEAq2Uidwd7OAYUP6RxAPeJKhmEv70a3JYDPhbDvHoC/XfPVvsQQN8lxvZK +ouP0sydKGF/41rvqh7ToXCh3xehwRTMUdpVqpdzYMQODXVab25tMvlEjQiJNxW1X +xZZMrWjYHxLixP2eshnsb9VmS2l74WkguQGFCuJDLa9JTSydU9MWzrhAT/KCgIsy +RslGhUn+d6YoDPY23rmZF/HQXLPuwGvEqDgODP3c0u+0w2Qy8foWjbixrp0HB0Da +gSyl09IO40nPl/LrFMZW6Y9ipwdVLyEMhY3nxbUYzrOMqCJ3yMHWA9czypO3imZn +2Kwoi0MkozMPKpz2/IPjTyuudsOetR385rNLSAwSDPJiEu+oiC5+iyMdohfdeSJI +11ttMGXs0FVR9eKOiMJJVhtMA4YTP29BkEvBHuWQjrpmPh2+FX1+EVr8mQbmDxlk +lqbYYVyclUmg9CJ3fdwJia6v88gVIcmJLJGYqtjFoMFbf24qMP8+Vz3ck86n5l6x +pHFKR9S4j8yGue70tFYWWkiUamJOfsDavqyDxpiR5Vwz+W+enpkao7KpZPIGfhM8 +g0ioCEA40Yq4grPGzByCSxOqE5RMsEY9iBY14EHXNESvFb+LPWozpyrxkaXwy7Zj +pFJn6SoYjhO952BhTDal95bcA45dcE7o2VO3x4gSUa7pF8PhbYkCggEBAPWmPltO +pp3dyd2yQGxXbVVduCBrgC2Kc5GKvlAKf94kr8Hy1w29vFQLF+jloYUXWgOfVZ78 
+1uTzSsMuPHwcsYp6a5cqdcVxFarzECQGoahs7Pg5o0WKBRTCw3TUIs4l3UOAog/F +Eq8M4qW/0idi9OHkOY8S8Wh8nSGHnvX2/m0vXLOl1ZBFs+T3ChikvRiy52RfPlSj +FZ0wWnePuf1RtKDev4X/21zq3gQmJkGzT5rPIjt0iHE8CZrY5FXRWmT6/nYqXaRx ++FU8fwYdxp6EpsNXEbuuzak77BIzaNUxaQ5WklrHyp0T4raJgNCRfSEsbnSNiMO1 +qzcRh00CW6cUTj0CggEBAO77MEbXsRZgTKTGVyyKsSyn8TuJw6U0nkVID2+Bn325 +3o1XY/oLkCp/XlIcStrzNEi6CfJ6T5Tk52A6K6Sko3BGh1hiMSQEyqeT77Jnjp2V +fGiXy8925QShmWushuz8RgyTf99mME7BVa78E4CqrHFBTM8S1poDfL+e7qrT2oTO +yDbQgVacLJK5dop47XvicPvtXHPsDHsL1xl3oBoKYnei+L9HiO96VckCL6k2/2n+ +HuhRnKIbnw6gmCk13mlrHDE+xKEue4KQlfttxByRYXyzYLUQdgptsNE1KjAP8jKR +vmRFik+XHjcJW8rcTeHYI72Xsj9Ni1OTtRbooZ9frbMCggEBALgxaG5kojCbXkM6 +5m2WfKfW9zpwAROkzhViuGMiDFEQpy1BnplyHKXUD6CVlrBKGze+IKBvK99Owk9p ++vaBOWsBcm1N7DMZIUsmqIKq6kp1KpbR+SgqXrb7dz3B1ztGTwvPhzVV6zWQ7t2j +4Luhyscar0IlzRgw4E2E+N+rzYknS1Z1UZa1fTeBOXPTCutbMoAjnoQuKQXNfPhL +sAVPX6aEf43FlMGuZr0rseHvxw/oot17+tcVUopmeYgTy7kOLwGBsOeegbu/+esn +Jog0JSsxvV1CrHlqMhBPthqtyv1yUpl5V+bCQ2vl3M4HWZEnVMdWXSeKsBBBt3c5 +/mlgo20CggEAN+EMHMR6Z90EjtLBt2yGmQZ75YwE7zAqgdCjq1MH1AIOA8aXXfQu +NYGqsFBlQGT1qLu3b7chvJL5dwqjAdBtVudm5kevbdig+iYhOfn04uv9NwenZE9M +pZSTpxWkRu2GA5LJp5bhXMjgHBZdCQzfXWwDZbfl7gU6uiOTcuYuhjdDoW2HkJTb +50LucNptzTXZbU7G+2QKVwshtJbAHNaox4iX2UIExto4DNQyCMMPXd1JpNDQaydC +Pc1XRuuNoeClqu4eVAHmZ1UffLbh0Dw+K0ZWKoA62Z1kZsajorFX1HM3rYKFIK8Z +JY1OpVR18YT0dnRt/VdIaLZ09XJXuEhK+QKCAQBUc/smXF3q4srCfhWu8DayQcoN +pg1fD+bI3b56jNbQh1jcWnYxLE9hzlSSAI/fdHDGoLaPx/A8iCzZD9xFrK4sJ7Hl +/j7em54PZ3a/gbGrwO00scWZa2mahfw/PzPkbMQIJFMux8CT/xaTPx91Sn66zwDr +cF2nHV1GMY4rdbRwVuaT3lgvDJSqmuxgFuqIOHcl7gq23OZMFcSlrl4793yemhxR +6yyCwyqnf6373rF6KyiR1tk94s/4LfWDiOEvmi9KW5PVoVtoy9dgk6itBLFvWPQR +gsUP+CrZPsekUbcfJAvovgwGnJz0Sa+WfwFSMlgazQkFAwKrrr978w6IdGQj +-----END RSA PRIVATE KEY----- diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go index c26b7e2dc4f..bf64e9ab5c2 100644 
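Review bot: The two leaf fixtures added in this commit, test-client.pem above and test-server.pem here, appear to be valid for one year only: their DER validity fields decode to notBefore 2020-05-14 and notAfter 2021-05-14, and the intermediate in ca-ia.pem to notAfter 2022-05-14. GetSSLOptions and common.yml now point the SSL suites at these files with verification left on, so those suites will presumably start failing on expiry for a reason unrelated to the code under test. Reissuing the fixtures with a lifetime that outlasts the v4.0 branch, and adding a short README beside them with the openssl commands used, would make rotation reproducible. Both files also embed their RSA private keys, which is normal for test data as long as the keys are never reused outside this directory.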
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/db/tlsgo/tlsgo.go
@@ -40,7 +40,7 @@ func (c *TLSDBConnector) Configure(opts options.ToolOptions) error {
 c.config = NewTLSConfig()
- if opts.SSLAllowInvalidCert || opts.SSLAllowInvalidHost {
+ if opts.SSLAllowInvalidCert || opts.SSLAllowInvalidHost || opts.TLSInsecure {
 c.config.SetInsecure(true)
 }
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go
index 90052cd3205..96622109e96 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options.go
@@ -48,6 +48,8 @@ var (
 const IncompatibleArgsErrorFormat = "illegal argument combination: cannot specify %s and --uri"
 const ConflictingArgsErrorFormat = "illegal argument combination: %s conflicts with --uri"
+const deprecationWarningSSLAllow = "WARNING: --sslAllowInvalidCertificates and --sslAllowInvalidHostnames are deprecated, please use --tlsInsecure instead"
+
 // Struct encompassing all of the options that are reused across tools: "help",
 // "version", verbosity settings, ssl settings, etc.
 type ToolOptions struct {
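Review bot: `opts.SSLAllowInvalidHost` still leads to `c.config.SetInsecure(true)` in this condition, so a user who asks only to skip the hostname check keeps getting whatever SetInsecure disables, which per the commit title is all server certificate validation. The commit answers that by deprecating the flag and adding `opts.TLSInsecure` as the accurate name, but existing scripts that pass `--sslAllowInvalidHostnames` will still accept a certificate that fails chain validation after the upgrade. If hostname-only relaxation is meant to survive, Go's crypto/tls supports it by setting `InsecureSkipVerify` together with a `VerifyPeerCertificate` callback that verifies the chain against the configured roots with an empty `DNSName`. Otherwise a comment such as `// all three flags disable chain AND hostname verification; see TOOLS-2589` above the `if` would record that the coupling is deliberate. Configure continues outside this hunk.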
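Review bot: The text of `deprecationWarningSSLAllow` tells users to switch flags but not why: it never says that either deprecated flag already turns off the whole server certificate check, which is the finding behind TOOLS-2589. Someone who used `--sslAllowInvalidHostnames` for a name mismatch will read this as a rename and move to `--tlsInsecure` without learning that chain validation is off too. I would extend the constant to something like `"WARNING: --sslAllowInvalidCertificates and --sslAllowInvalidHostnames are deprecated and both disable all server certificate and hostname validation; use --tlsInsecure only if that is intended"`. The assertions in TestDeprecationWarning compare against the constant itself and would keep passing.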
@@ -139,9 +141,10 @@ type SSL struct {
 SSLPEMKeyFile string `long:"sslPEMKeyFile" value-name:"<filename>" description:"the .pem file containing the certificate and key"`
 SSLPEMKeyPassword string `long:"sslPEMKeyPassword" value-name:"<password>" description:"the password to decrypt the sslPEMKeyFile, if necessary"`
 SSLCRLFile string `long:"sslCRLFile" value-name:"<filename>" description:"the .pem file containing the certificate revocation list"`
- SSLAllowInvalidCert bool `long:"sslAllowInvalidCertificates" description:"bypass the validation for server certificates"`
- SSLAllowInvalidHost bool `long:"sslAllowInvalidHostnames" description:"bypass the validation for server name"`
+ SSLAllowInvalidCert bool `long:"sslAllowInvalidCertificates" hidden:"true" description:"bypass the validation for server certificates"`
+ SSLAllowInvalidHost bool `long:"sslAllowInvalidHostnames" hidden:"true" description:"bypass the validation for server name"`
 SSLFipsMode bool `long:"sslFIPSMode" description:"use FIPS mode of the installed openssl library"`
+ TLSInsecure bool `long:"tlsInsecure" description:"bypass the validation for server's certificate chain and host name"`
 }
 // Struct holding auth-related options
@@ -426,6 +429,10 @@ func (o *ToolOptions) ParseArgs(args []string) ([]string, error) {
 return []string{}, err
 }
+ if o.SSLAllowInvalidCert || o.SSLAllowInvalidHost {
+ log.Logvf(log.Always, deprecationWarningSSLAllow)
+ }
+
 // connect directly, unless a replica set name is explicitly specified
 if o.Host != "" {
 _, o.ReplicaSetName = util.ParseConnectionString(o.Host)
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go
index fbf603c8947..9c4c580f1e1 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/options/options_test.go
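Review bot: Nothing is logged in the ParseArgs hunk when `o.TLSInsecure` is set, so once callers migrate to the new flag a run with verification disabled leaves no trace in the tool output, whereas the deprecated flags now do. A line at the same place, for example `if o.TLSInsecure { log.Logvf(log.Always, "WARNING: --tlsInsecure disables server certificate and hostname validation") }`, gives operators and log reviewers something to search for. In the SSL struct hunk the two deprecated fields become `hidden:"true"` yet keep working, so a one-line comment on them saying they are retained for compatibility and behave like TLSInsecure would help the next reader. ParseArgs starts and ends outside the hunk.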
@@ -7,8 +7,12 @@
 package options
 import (
+ "bytes"
 "github.com/mongodb/mongo-tools/common/connstring"
+ "github.com/mongodb/mongo-tools/common/log"
+ "github.com/mongodb/mongo-tools/common/testtype"
 . "github.com/smartystreets/goconvey/convey"
+ "os"
 "runtime"
 "testing"
@@ -422,3 +426,37 @@ func TestHiddenOptionsDefaults(t *testing.T) {
 })
 }
+
+func TestDeprecationWarning(t *testing.T) {
+ if !(testtype.HasTestType(testtype.SSLTestType)) {
+ t.SkipNow()
+ }
+
+ Convey("deprecate message", t, func() {
+ var buffer bytes.Buffer
+
+ log.SetWriter(&buffer)
+ defer log.SetWriter(os.Stderr)
+
+ Convey("Warning for sslAllowInvalidHostnames", func() {
+ enabled := EnabledOptions{Connection: true}
+ opts := New("test", "", enabled)
+ args := []string{"--sslAllowInvalidHostnames", "mongodb://user:pass@foo/"}
+ _, err := opts.ParseArgs(args)
+ So(err, ShouldBeNil)
+ result := buffer.String()
+ So(result, ShouldContainSubstring, deprecationWarningSSLAllow)
+ })
+
+ Convey("Warning for sslAllowInvalidCertificates", func() {
+ enabled := EnabledOptions{Connection: true}
+ opts := New("test", "", enabled)
+ args := []string{"--ssl", "--sslAllowInvalidCertificates", "mongodb://user:pass@foo/"}
+ _, err := opts.ParseArgs(args)
+ So(err, ShouldBeNil)
+ result := buffer.String()
+ So(result, ShouldContainSubstring, deprecationWarningSSLAllow)
+ })
+ })
+}
+
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go
index 8fc9293bd17..008066f05ee 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/common/testutil/ssl_integration.go
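Review bot: TestDeprecationWarning covers only the two deprecated flags; nothing checks that `--tlsInsecure` parses, sets the field and emits no deprecation warning, so a regression that logs the warning unconditionally or drops the new flag would still pass. A third nested Convey next to the existing two closes that gap. The whole test is also skipped unless the SSL test type is set, even though it only parses arguments; if that gate exists because the SSL options are registered only in SSL builds, a short comment saying so would help.

```go
		// … unchanged: the two Convey blocks for the deprecated flags …

		Convey("No deprecation warning for tlsInsecure", func() {
			enabled := EnabledOptions{Connection: true}
			opts := New("test", "", enabled)
			args := []string{"--ssl", "--tlsInsecure", "mongodb://user:pass@foo/"}
			_, err := opts.ParseArgs(args)
			So(err, ShouldBeNil)
			So(opts.TLSInsecure, ShouldBeTrue)
			So(buffer.String(), ShouldNotContainSubstring, deprecationWarningSSLAllow)
		})
```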
@@ -15,8 +15,8 @@ func GetSSLOptions() commonOpts.SSL {
 if testtype.HasTestType(testtype.SSLTestType) {
 return commonOpts.SSL{
 UseSSL: true,
- SSLCAFile: "../common/db/openssl/testdata/ca.pem",
- SSLPEMKeyFile: "../common/db/openssl/testdata/server.pem",
+ SSLCAFile: "../common/db/openssl/testdata/ca-ia.pem",
+ SSLPEMKeyFile: "../common/db/openssl/testdata/test-client.pem",
 }
 }
diff --git a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data
index a6b680a634b..cff8e0d02b7 100644
--- a/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data
+++ b/src/mongo/gotools/src/github.com/mongodb/mongo-tools/import.data
@@ -1,6 +1,6 @@
 {
- "commit": "39676d8c639a98d4005e6ca08ba24fa1221cdff3",
- "github": "mongodb/mongo-tools.git",
- "vendor": "tools",
- "branch": "v4.0"
+ "vendor": "tools",
+ "github": "mongodb/mongo-tools.git",
+ "branch": "v4.0",
+ "commit": "5e7a60750012f5b1649ce39bca92802660e1893d"
 } |