diff options
| author | samantharitter <samantha.ritter@10gen.com> | 2016-09-13 15:53:47 -0400 |
|---|---|---|
| committer | samantharitter <samantha.ritter@10gen.com> | 2016-09-15 15:53:51 -0400 |
| commit | 872bf6a043101ee3fcdc78bfc3643c81c270fd9b (patch) | |
| tree | 707e1daa8d7f2cd1dc3952807ce679bb8cbc765a | |
| parent | 5b0901ea6a1b9b90d2cee8263b8c60013d7c6979 (diff) | |
| download | mongo-872bf6a043101ee3fcdc78bfc3643c81c270fd9b.tar.gz | |
SERVER-25151 Test that ssl option in the URI is honored by the shell
| -rw-r--r-- | jstests/ssl/ssl_uri.js | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_uri.js b/jstests/ssl/ssl_uri.js new file mode 100644 index 00000000000..d3edcac2dbc --- /dev/null +++ b/jstests/ssl/ssl_uri.js @@ -0,0 +1,66 @@ +// Test that the ssl=true/false option is honored in shell URIs. + +(function() { + "use strict"; + + var shouldSucceed = function(uri) { + var conn = new Mongo(uri); + var res = conn.getDB('admin').runCommand({"ismaster": 1}); + assert(res.ok); + }; + + var shouldFail = + function(uri) { + assert.throws(function(uri) { + var conn = new Mongo(uri); + }, [uri], "network error while attempting to run command"); + } + + // Start up a mongod with ssl required. + var sslMongo = MongoRunner.runMongod({ + sslMode: "requireSSL", + sslPEMKeyFile: "jstests/libs/server.pem", + sslCAFile: "jstests/libs/ca.pem", + }); + + var sslURI = "mongodb://localhost:" + sslMongo.port + "/admin"; + + // When talking to a server with SSL, connecting with ssl=false fails. + shouldSucceed(sslURI); + shouldSucceed(sslURI + "?ssl=true"); + shouldFail(sslURI + "?ssl=false"); + + var connectWithURI = function(uri) { + return runMongoProgram('./mongo', + '--ssl', + '--sslAllowInvalidCertificates', + '--sslCAFile', + 'jstests/libs/ca.pem', + '--sslPEMKeyFile', + 'jstests/libs/client.pem', + uri, + '--eval', + 'db.runCommand({ismaster: 1})'); + }; + + var shouldConnect = function(uri) { + assert.eq(connectWithURI(uri), 0, "should have been able to connect with " + uri); + }; + + var shouldNotConnect = function(uri) { + assert.eq(connectWithURI(uri), 1, "should not have been able to connect with " + uri); + }; + + // When talking to a server with SSL, connecting with ssl=false on the command line fails. + shouldConnect(sslURI); + shouldNotConnect(sslURI + "?ssl=false"); + shouldConnect(sslURI + "?ssl=true"); + + // Connecting with ssl=true without --ssl will not work + var res = + runMongoProgram('./mongo', sslURI + "?ssl=true", '--eval', 'db.runCommand({ismaster: 1})'); + assert.eq(res, 1, "should not have been able to connect without --ssl"); + + // Clean up + MongoRunner.stopMongod(sslMongo); +}()); |