author | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2020-02-10 15:23:44 -0500 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-02-20 20:36:48 +0000 |
commit | c73b7af4489ed839ab9f337bad08d9a6c93220e4 (patch) | |
tree | fe718b83869b8c5019970f3362f45a8e1948725d /jstests/ocsp | |
parent | 27eabf4d9dbdbb14ee1b5d8aa03778343ff325d7 (diff) | |
download | mongo-c73b7af4489ed839ab9f337bad08d9a6c93220e4.tar.gz |
SERVER-42936 Implement support for Client connections without OCSP
create mode 100644 jstests/ocsp/ocsp_connection_type_testing.js
Diffstat (limited to 'jstests/ocsp')
-rw-r--r-- | jstests/ocsp/ocsp_connection_type_testing.js | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/jstests/ocsp/ocsp_connection_type_testing.js b/jstests/ocsp/ocsp_connection_type_testing.js
new file mode 100644
index 00000000000..b4f7ccae42b
--- /dev/null
+++ b/jstests/ocsp/ocsp_connection_type_testing.js
@@ -0,0 +1,87 @@
+// Check that OCSP verification works
+// @tags: [requires_http_client]
+
+load("jstests/ocsp/lib/mock_ocsp.js");
+
+(function() {
+"use strict";
+
+if (determineSSLProvider() != "openssl") {
+ return;
+}
+
+let mock_ocsp = new MockOCSPServer("", 10);
+mock_ocsp.start();
+
+// Set Default timeout time to 2 minutes so test doesn't
+// run forever.
+ReplSetTest.kDefaultTimeoutMS = 1 * 30 * 1000;
+
+// We don't want to invoke the hang analyzer because we
+// expect this test to fail by timing out
+MongoRunner.runHangAnalyzer.disable();
+
+const ocsp_options = {
+ sslMode: "requireSSL",
+ sslPEMKeyFile: OCSP_SERVER_CERT,
+ sslCAFile: OCSP_CA_CERT,
+ sslAllowInvalidHostnames: "",
+ setParameter: {
+ "ocspEnabled": "true",
+ },
+};
+
+const rstest = ReplSetTest({
+ name: "OCSP Servers Test",
+ nodes: 2,
+ nodeOptions: ocsp_options,
+});
+
+rstest.startSet();
+
+mock_ocsp.stop();
+
+mock_ocsp = new MockOCSPServer(FAULT_REVOKED, 10);
+mock_ocsp.start();
+
+sleep(10);
+
+assert.throws(() => {
+ rstest.initialize();
+});
+
+rstest.stopSet();
+
+mock_ocsp.stop();
+
+// The next few tests depend on stapling
+// being available.
+if (!supportsStapling()) {
+ return;
+}
+
+mock_ocsp = new MockOCSPServer();
+mock_ocsp.start();
+
+let conn = null;
+
+assert.doesNotThrow(() => {
+ conn = MongoRunner.runMongod(ocsp_options);
+});
+mock_ocsp.stop();
+
+mock_ocsp = new MockOCSPServer(FAULT_REVOKED);
+mock_ocsp.start();
+
+// The OCSP status of the client's cert would be Revoked,
+// but because we don't want the Server to check the status
+// of the client's cert, we assert that this doesn't throw.
+assert.doesNotThrow(() => {
+ new Mongo(conn.host);
+});
+
+MongoRunner.stopMongod(conn);
+
+sleep(1000);
+mock_ocsp.stop();
+}()); |
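Review bot: The revoked-certificate check `assert.throws(() => { rstest.initialize(); })` passes on any exception, so it cannot show that the replica set failed to form because the mock responder reported a revoked status rather than for an unrelated reason, such as the 30-second timeout expiring on a slow host. Only `sleep(10)` separates starting the `FAULT_REVOKED` responder from `initialize()`, so consider waiting until the responder is reachable, or checking the node logs for the OCSP failure, before accepting the throw as the expected outcome. The comment above `ReplSetTest.kDefaultTimeoutMS = 1 * 30 * 1000;` says 2 minutes while the value is 30 seconds; either reword it to `// Cap the default timeout at 30 seconds so the test doesn't run forever.` or change the value to `2 * 60 * 1000`. The final `new Mongo(conn.host)` case only exercises what its comment describes if the shell presents a client certificate, which is configured outside this file and is worth stating in that comment.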