diff options
author | Eric Milkie <milkie@10gen.com> | 2013-01-18 14:23:52 -0500 |
---|---|---|
committer | Eric Milkie <milkie@10gen.com> | 2013-01-18 14:29:34 -0500 |
commit | 1a1f72cc2a298289a0303c0eb316f363c75be057 (patch) | |
tree | 823177750e744e1d36745f9ea0dcef279c37ec5c /jstests/ssl/ssl_weak.js | |
parent | c9f85f4c81763a8cd0c48a26e15e2e21e8416f0d (diff) | |
download | mongo-1a1f72cc2a298289a0303c0eb316f363c75be057.tar.gz |
SERVER-8209 reverse logic of --sslForceCertificateValidation with --sslWeakCertificateValidation
Diffstat (limited to 'jstests/ssl/ssl_weak.js')
-rw-r--r-- | jstests/ssl/ssl_weak.js | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_weak.js b/jstests/ssl/ssl_weak.js new file mode 100644 index 00000000000..8bab70b4d7d --- /dev/null +++ b/jstests/ssl/ssl_weak.js @@ -0,0 +1,42 @@ +// Test forcing certificate validation +// This tests that forcing certification validation will prohibit clients without certificates +// from connecting. +ports = allocatePorts( 2 ); + +var baseName = "jstests_ssl_ssl_weak"; + + +// Test that connecting with no client certificate and --sslWeakCertificateValidation connects +// successfully. +var md = startMongod( "--port", ports[0], "--dbpath", "/data/db/" + baseName, "--sslOnNormalPorts", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslCAFile", "jstests/libs/ca.pem", + "--sslWeakCertificateValidation"); + +var mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", + "--eval", ";"); + +// 0 is the exit code for success +assert(mongo==0); + + +// Test that connecting with a valid client certificate connects successfully. +mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", + "--sslPEMKeyFile", "jstests/libs/client.pem", + "--eval", ";"); + +// 0 is the exit code for success +assert(mongo==0); + + +// Test that connecting with no client certificate and no --sslWeakCertificateValidation fails to +// connect. +var md2 = startMongod( "--port", ports[1], "--dbpath", "/data/db/" + baseName, "--sslOnNormalPorts", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslCAFile", "jstests/libs/ca.pem"); + +mongo = runMongoProgram("mongo", "--port", ports[1], "--ssl", + "--eval", ";"); + +// 1 is the exit code for failure +assert(mongo==1); |