SERVER-27264 Allow disabling no client certificate warning

author: Adam Cooper <adam.cooper@mongodb.com> 2018-06-11 13:38:54 -0400
committer: Adam Cooper <adam.cooper@mongodb.com> 2018-06-11 13:38:54 -0400
commit: 14eb0afce97b372d0dc4d2a4c41a00318a36b0e2 (patch)
tree: ac42f2d919e7e90cfa8891e4494addfe8af93c93 /jstests/ssl
parent: 600bfacdc68e5746eb2778703658c448e933689d (diff)
download: mongo-14eb0afce97b372d0dc4d2a4c41a00318a36b0e2.tar.gz
1 files changed, 53 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_client_certificate_warning_suppression.js b/jstests/ssl/ssl_client_certificate_warning_suppression.js
new file mode 100644
index 00000000000..4c6fa63128e
--- /dev/null
+++ b/jstests/ssl/ssl_client_certificate_warning_suppression.js
@@ -0,0 +1,53 @@
+/**
+ * Tests the startup-only setParameter value suppressNoTLSPeerCertificateWarning which suppresses
+ * the log message "no SSL certificate provided by peer" when a client certificate is not provided.
+ * This only works if weak validation is enabled.
+ *
+ * This test confirms that the log message is output when the setParameter is set to true,
+ * and is not output when the setParameter is set to false.
+ */
+
+load('jstests/ssl/libs/ssl_helpers.js');
+
+(function() {
+    'use strict';
+
+    function test(suppress) {
+        const opts = {
+            sslMode: 'requireSSL',
+            sslPEMKeyFile: "jstests/libs/server.pem",
+            sslCAFile: "jstests/libs/ca.pem",
+            waitForConnect: false,
+            sslAllowConnectionsWithoutCertificates: "",
+            setParameter: {suppressNoTLSPeerCertificateWarning: suppress}
+        };
+        clearRawMongoProgramOutput();
+        const mongod = MongoRunner.runMongod(opts);
+
+        assert.soon(function() {
+            return runMongoProgram('mongo',
+                                   '--ssl',
+                                   '--sslAllowInvalidHostnames',
+                                   '--sslCAFile',
+                                   CA_CERT,
+                                   '--port',
+                                   mongod.port,
+                                   '--eval',
+                                   'quit()') === 0;
+        }, "mongo did not initialize properly");
+
+        const log = rawMongoProgramOutput();
+        assert.eq(suppress, log.search('no SSL certificate provided by peer') === -1);
+
+        try {
+            MongoRunner.stopMongod(mongod);
+        } catch (e) {
+            // Depending on timing, exitCode might be 0, 1, or -9.
+            // All that matters is that it dies, resmoke will tell us if that failed.
+            // So just let it go, the exit code never bothered us anyway.
+        }
+    }
+
+    test(true);
+    test(false);
+})();
author	Adam Cooper <adam.cooper@mongodb.com>	2018-06-11 13:38:54 -0400
committer	Adam Cooper <adam.cooper@mongodb.com>	2018-06-11 13:38:54 -0400
commit	14eb0afce97b372d0dc4d2a4c41a00318a36b0e2 (patch)
tree	ac42f2d919e7e90cfa8891e4494addfe8af93c93 /jstests/ssl
parent	600bfacdc68e5746eb2778703658c448e933689d (diff)
download	mongo-14eb0afce97b372d0dc4d2a4c41a00318a36b0e2.tar.gz