SERVER-8209 reverse logic of --sslForceCertificateValidation with --sslWeakCertificateValidation

1 files changed, 42 insertions, 0 deletions

diff --git a/jstests/ssl/ssl_weak.js b/jstests/ssl/ssl_weak.js
new file mode 100644
index 00000000000..8bab70b4d7d
--- /dev/null
+++ b/jstests/ssl/ssl_weak.js
@@ -0,0 +1,42 @@
+// Test forcing certificate validation
+// This tests that forcing certification validation will prohibit clients without certificates
+// from connecting.
+ports = allocatePorts( 2 );
+
+var baseName = "jstests_ssl_ssl_weak";
+
+
+// Test that connecting with no client certificate and --sslWeakCertificateValidation connects
+// successfully.
+var md = startMongod( "--port", ports[0], "--dbpath", "/data/db/" + baseName, "--sslOnNormalPorts",
+                      "--sslPEMKeyFile", "jstests/libs/server.pem",
+                      "--sslCAFile", "jstests/libs/ca.pem",
+                      "--sslWeakCertificateValidation");
+
+var mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", 
+                            "--eval", ";");
+
+// 0 is the exit code for success
+assert(mongo==0);
+
+
+// Test that connecting with a valid client certificate connects successfully.
+mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", 
+                        "--sslPEMKeyFile", "jstests/libs/client.pem",
+                        "--eval", ";");
+
+// 0 is the exit code for success
+assert(mongo==0);
+
+
+// Test that connecting with no client certificate and no --sslWeakCertificateValidation fails to
+// connect.
+var md2 = startMongod( "--port", ports[1], "--dbpath", "/data/db/" + baseName, "--sslOnNormalPorts",
+                       "--sslPEMKeyFile", "jstests/libs/server.pem",
+                       "--sslCAFile", "jstests/libs/ca.pem");
+
+mongo = runMongoProgram("mongo", "--port", ports[1], "--ssl", 
+                        "--eval", ";");
+
+// 1 is the exit code for failure
+assert(mongo==1);