diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-03-06 18:33:23 -0500 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-04-10 18:52:31 -0400 |
commit | b94082c75466269096084c1385aa9c30af05161f (patch) | |
tree | eebd4537be2f4f2e02eae869551d73e75a060a61 /jstests/ssl/ssl_restricted_protocols.js | |
parent | 4e1fff07b0d76337232abc682fbbe13c546e5c13 (diff) | |
download | mongo-b94082c75466269096084c1385aa9c30af05161f.tar.gz |
SERVER-34390: Static link OpenSSL on OS X
Diffstat (limited to 'jstests/ssl/ssl_restricted_protocols.js')
-rw-r--r-- | jstests/ssl/ssl_restricted_protocols.js | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_restricted_protocols.js b/jstests/ssl/ssl_restricted_protocols.js new file mode 100644 index 00000000000..f09c90c4535 --- /dev/null +++ b/jstests/ssl/ssl_restricted_protocols.js @@ -0,0 +1,40 @@ +// Ensure that the shell may connect to servers running supporting restricted subsets of TLS +// protocols. + +(function() { + 'use strict'; + + var SERVER_CERT = "jstests/libs/server.pem"; + var CLIENT_CERT = "jstests/libs/client.pem"; + var CA_CERT = "jstests/libs/ca.pem"; + + function runTestWithoutSubset(subset) { + const disabledProtocols = subset.join(","); + const conn = MongoRunner.runMongod({ + sslMode: 'allowSSL', + sslPEMKeyFile: SERVER_CERT, + sslDisabledProtocols: disabledProtocols + }); + + const exitStatus = runMongoProgram('mongo', + '--ssl', + '--sslAllowInvalidHostnames', + '--sslPEMKeyFile', + CLIENT_CERT, + '--sslCAFile', + CA_CERT, + '--port', + conn.port, + '--eval', + 'quit()'); + + assert.eq(0, exitStatus, ""); + + MongoRunner.stopMongod(conn); + } + + runTestWithoutSubset(["TLS1_0"]); + runTestWithoutSubset(["TLS1_2"]); + runTestWithoutSubset(["TLS1_0", "TLS1_1"]); + +})(); |