author | Charlie <charlie.swanson@10gen.com> | 2015-03-24 13:46:51 -0400 |
---|---|---|
committer | Charlie <charlie.swanson@10gen.com> | 2015-03-24 13:46:51 -0400 |
commit | 6d33c3637e073c83138919a5472b181c65a48d08 (patch) | |
tree | 2e5a710bad1f191ce5f55fa72ce288b7ff89c03f /jstests/ssl | |
parent | 574810647c6bd93415ecfdcf21b45d1c3588288c (diff) | |
Revert "SERVER-17450 Cleanup SSL test infrastructure"
This reverts commit 43e53251a30e680fb57a3f042f66910355197cde.
Diffstat (limited to 'jstests/ssl')
-rw-r--r-- | jstests/ssl/disable_x509.js | 7 | ||||
-rw-r--r-- | jstests/ssl/initial_sync1_x509.js | 6 | ||||
-rw-r--r-- | jstests/ssl/mixed_mode_repl.js | 3 | ||||
-rw-r--r-- | jstests/ssl/mixed_mode_sharded.js | 4 | ||||
-rw-r--r-- | jstests/ssl/set_parameter_ssl.js | 5 | ||||
-rw-r--r-- | jstests/ssl/sharding_with_x509.js | 1 | ||||
-rw-r--r-- | jstests/ssl/ssl_cert_password.js | 16 | ||||
-rw-r--r-- | jstests/ssl/ssl_crl.js | 30 | ||||
-rw-r--r-- | jstests/ssl/ssl_crl_revoked.js | 16 | ||||
-rw-r--r-- | jstests/ssl/ssl_fips.js | 19 | ||||
-rw-r--r-- | jstests/ssl/ssl_hostname_validation.js | 8 | ||||
-rw-r--r-- | jstests/ssl/ssl_invalid_server_cert.js | 17 | ||||
-rw-r--r-- | jstests/ssl/ssl_options.js | 3 | ||||
-rw-r--r-- | jstests/ssl/ssl_weak.js | 30 | ||||
-rw-r--r-- | jstests/ssl/ssl_without_ca.js | 4 | ||||
-rw-r--r-- | jstests/ssl/upgrade_to_ssl.js | 15 | ||||
-rw-r--r-- | jstests/ssl/upgrade_to_x509_ssl.js | 3 | ||||
-rw-r--r-- | jstests/ssl/x509_client.js | 27 |
18 files changed, 126 insertions, 88 deletions
diff --git a/jstests/ssl/disable_x509.js b/jstests/ssl/disable_x509.js index 57175aa0f94..8b3ec8957b6 100644 --- a/jstests/ssl/disable_x509.js +++ b/jstests/ssl/disable_x509.js @@ -1,12 +1,9 @@ // Test enabling and disabling the MONGODB-X509 auth mech +TestData.useX509 = false; var CLIENT_USER = "CN=client,OU=KernelUser,O=MongoDB,L=New York City,ST=New York,C=US" -var conn = MongoRunner.runMongod({smallfiles: "", - auth: "", - sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem"}); +var conn = MongoRunner.runMongod({ smallfiles: "", auth: "" }); // Find out if this build supports the authenticationMechanisms startup parameter. // If it does, restart with and without the MONGODB-X509 mechanisms enabled. diff --git a/jstests/ssl/initial_sync1_x509.js b/jstests/ssl/initial_sync1_x509.js index f767dba0dde..27eb67207ed 100644 --- a/jstests/ssl/initial_sync1_x509.js +++ b/jstests/ssl/initial_sync1_x509.js @@ -1,10 +1,6 @@ // Basic tests for cluster authentication using x509. -var common_options = {keyFile : "jstests/libs/key1", - sslMode : "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem", - sslAllowInvalidHostnames: ""}; +var common_options = {keyFile : "jstests/libs/key1"}; function runInitialSyncTest() { load("jstests/replsets/rslib.js"); diff --git a/jstests/ssl/mixed_mode_repl.js b/jstests/ssl/mixed_mode_repl.js index e5d7297c7e3..80109a0581c 100644 --- a/jstests/ssl/mixed_mode_repl.js +++ b/jstests/ssl/mixed_mode_repl.js @@ -1,6 +1,9 @@ // This test is related to mixed_mode_repl_nossl.js in // the sslSpecial test set. This test must be run with --use-ssl +// If we are running in use-x509 passthrough mode, turn it off +// since it is not necessary for this test. +TestData.useX509 = false; load("jstests/ssl/libs/ssl_helpers.js") // Verify that requireSSL allows ssl connections 
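Review bot: In jstests/ssl/disable_x509.js the new `MongoRunner.runMongod({ smallfiles: "", auth: "" })` call names no SSL option, so whether this MONGODB-X509 test runs over TLS at all now depends on settings injected from outside the file. The comment added to ssl_without_ca.js ("so we don't have CA file supplied automatically") suggests the harness supplies them when `TestData.useSSL` is set, but nothing in this file says so or checks it. The same holds for `common_options = {keyFile : "jstests/libs/key1"}` in initial_sync1_x509.js, whose header still says it tests x509 cluster authentication, and for the first `runMongod` call in x509_client.js. I would add a comment above each call such as `// sslMode, sslPEMKeyFile and sslCAFile come from the --use-ssl passthrough; this test is not meaningful without it`, and consider asserting `TestData.useSSL` up front so a run without the passthrough fails instead of passing without TLS.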
diff --git a/jstests/ssl/mixed_mode_sharded.js b/jstests/ssl/mixed_mode_sharded.js index efee241ff0c..08d872939a2 100644 --- a/jstests/ssl/mixed_mode_sharded.js +++ b/jstests/ssl/mixed_mode_sharded.js @@ -2,6 +2,10 @@ * This test checks if different mixtures of ssl modes * in a sharded cluster can or cannot function */ + +// If we are running in use-x509 passthrough mode, turn it off +// since it is not necessary for this test. +TestData.useX509 = false; load("jstests/ssl/libs/ssl_helpers.js"); print("=== Testing requireSSL/requireSSL cluster ==="); diff --git a/jstests/ssl/set_parameter_ssl.js b/jstests/ssl/set_parameter_ssl.js index 801d4e15b72..19d11b9047f 100644 --- a/jstests/ssl/set_parameter_ssl.js +++ b/jstests/ssl/set_parameter_ssl.js @@ -1,5 +1,6 @@ // Test changing the --sslMode and --clusterAuthMode // parameters using setParameter +TestData.useX509 = false; var SERVER_CERT = "jstests/libs/server.pem" var CA_CERT = "jstests/libs/ca.pem" @@ -18,7 +19,7 @@ function testSSLTransition(oldMode, newMode, shouldSucceed) { "sslMode" : newMode }); assert(res["ok"] == shouldSucceed, tojson(res)); - MongoRunner.stopMongod(port); + stopMongod(port); } function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) { @@ -35,7 +36,7 @@ function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) { "clusterAuthMode" : newMode }); assert(res["ok"] == shouldSucceed, tojson(res)); - MongoRunner.stopMongod(port); + stopMongod(port); } testSSLTransition("allowSSL", "invalid", false); diff --git a/jstests/ssl/sharding_with_x509.js b/jstests/ssl/sharding_with_x509.js index aee7ac0e15f..1a1e41f6cae 100644 --- a/jstests/ssl/sharding_with_x509.js +++ b/jstests/ssl/sharding_with_x509.js 
@@ -5,7 +5,6 @@ var x509_options = {sslMode : "requireSSL", sslPEMKeyFile : "jstests/libs/server.pem", sslCAFile: "jstests/libs/ca.pem", sslClusterFile: "jstests/libs/cluster_cert.pem", - sslAllowInvalidHostnames: "", clusterAuthMode: "x509"}; // Start ShardingTest with enableBalancer because ShardingTest attempts to turn diff --git a/jstests/ssl/ssl_cert_password.js b/jstests/ssl/ssl_cert_password.js index 1c0e271be20..1c03f6ed7e0 100644 --- a/jstests/ssl/ssl_cert_password.js +++ b/jstests/ssl/ssl_cert_password.js @@ -10,13 +10,13 @@ resetDbpath(dbpath); mkdir(external_scratch_dir); // Password is correct -var md = MongoRunner.runMongod({nopreallocj: "", - port: port, - dbpath: dbpath, - sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/password_protected.pem", - sslPEMKeyPassword: "qwerty"}); -// MongoRunner.runMongod connects a Mongo shell, so if we get here, the test is successful. +md = startMongod("--nopreallocj", + "--port", port, + "--dbpath", dbpath, + "--sslMode","requireSSL", + "--sslPEMKeyFile", "jstests/libs/password_protected.pem", + "--sslPEMKeyPassword", "qwerty"); +// startMongod connects a Mongo shell, so if we get here, the test is successful. // Password incorrect; error logged is: @@ -134,6 +134,6 @@ assert.eq(md5, md5_stored, "hash of stored file does not match the expected valu if (!_isWindows()) { // Stop the server - var exitCode = MongoRunner.stopMongod(port, 15); + var exitCode = stopMongod(port, 15); assert(exitCode == 0); } diff --git a/jstests/ssl/ssl_crl.js b/jstests/ssl/ssl_crl.js index fd83c3979ef..0d4bf0f4200 100644 --- a/jstests/ssl/ssl_crl.js +++ b/jstests/ssl/ssl_crl.js 
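Review bot: In jstests/ssl/ssl_cert_password.js the correct-password case has no assertion: the comment says that reaching the next line means success, but ssl_invalid_server_cert.js in this same commit checks `assert.eq(null, md, ...)` after `startMongod`, which implies a failed start returns null rather than throwing. If that is right, a mongod that rejects the password-protected key would go unnoticed at this point. I would add `assert.neq(null, md, "mongod failed to start with the correct PEM key password");` after the call, and keep the `var` on `md` that the new line drops.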
@@ -5,28 +5,36 @@ // crl.pem is a CRL with no revoked certificates. // This test should allow the user to connect with client.pem certificate. -var md = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem", - sslCRLFile: "jstests/libs/crl.pem"}); +ports = allocatePorts(2); +port1 = ports[0]; +var baseName = "jstests_ssl_ssl_crl"; -var mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates", +var md = startMongod("--port", port1, "--dbpath", + MongoRunner.dataPath + baseName + "1", + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslCAFile", "jstests/libs/ca.pem", + "--sslCRLFile", "jstests/libs/crl.pem"); + + +var mongo = runMongoProgram("mongo", "--port", port1, "--ssl", "--sslAllowInvalidCertificates", "--sslPEMKeyFile", "jstests/libs/client.pem", "--eval", ";"); // 0 is the exit code for success assert(mongo==0); - +port2 = ports[1]; // This test ensures clients cannot connect if the CRL is expired. -md = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem", - sslCRLFile: "jstests/libs/crl_expired.pem"}); +md = startMongod("--port", port2, "--dbpath", MongoRunner.dataPath + baseName + "2", + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslCAFile", "jstests/libs/ca.pem", + "--sslCRLFile", "jstests/libs/crl_expired.pem"); -mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates", +mongo = runMongoProgram("mongo", "--port", port2, "--ssl", "--sslAllowInvalidCertificates", "--sslPEMKeyFile", "jstests/libs/client.pem", "--eval", ";"); diff --git a/jstests/ssl/ssl_crl_revoked.js b/jstests/ssl/ssl_crl_revoked.js index 97ab29bf46e..53d6671f4f4 100644 --- a/jstests/ssl/ssl_crl_revoked.js +++ b/jstests/ssl/ssl_crl_revoked.js 
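Review bot: `ports`, `port1` and `port2` in jstests/ssl/ssl_crl.js are assigned without `var`, so they become globals of the shell that runs the test. The same pattern is introduced in ssl_crl_revoked.js (`port`), ssl_fips.js (`ports`, `port1`), ssl_invalid_server_cert.js (`ports`, `port`), ssl_weak.js (`ports`) and upgrade_to_ssl.js (`opts`). Declaring them, e.g. `var ports = allocatePorts(2);` and `var port1 = ports[0];`, keeps a stale value left by an earlier test from being picked up by mistake if tests ever share a shell.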
@@ -2,12 +2,18 @@ // Note: crl_client_revoked.pem is a CRL with the client.pem certificate listed as revoked. // This test should test that the user cannot connect with client.pem certificate. -var md = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem", - sslCRLFile: "jstests/libs/crl_client_revoked.pem"}); +port = allocatePorts( 1 )[ 0 ]; +var baseName = "jstests_ssl_ssl_crl_revoked"; -var mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates", + +var md = startMongod( "--port", port, "--dbpath", MongoRunner.dataPath + baseName, + "--sslMode","requireSSL", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslCAFile", "jstests/libs/ca.pem", + "--sslCRLFile", "jstests/libs/crl_client_revoked.pem"); + + +var mongo = runMongoProgram("mongo", "--port", port, "--ssl", "--sslAllowInvalidCertificates", "--sslPEMKeyFile", "jstests/libs/client_revoked.pem", "--eval", ";"); diff --git a/jstests/ssl/ssl_fips.js b/jstests/ssl/ssl_fips.js index 29b63f73aa2..ebcac31e91b 100644 --- a/jstests/ssl/ssl_fips.js +++ b/jstests/ssl/ssl_fips.js @@ -1,14 +1,15 @@ // Test mongod start with FIPS mode enabled +ports = allocatePorts(1); +port1 = ports[0]; +var baseName = "jstests_ssl_ssl_fips"; -var md = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem", - sslFIPSMode: ""}); -var mongo = runMongoProgram("mongo", - "--port", md.port, - "--ssl", - "--sslAllowInvalidCertificates", +var md = startMongod("--port", port1, "--dbpath", + MongoRunner.dataPath + baseName, "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslFIPSMode"); + +var mongo = runMongoProgram("mongo", "--port", port1, "--ssl", "--sslAllowInvalidCertificates", "--sslPEMKeyFile", "jstests/libs/client.pem", "--sslFIPSMode", "--eval", ";"); 
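Review bot: The new `startMongod` call in jstests/ssl/ssl_fips.js passes no `--sslCAFile`, although the client that follows still presents `jstests/libs/client.pem`. Without a CA file the server presumably has nothing to validate that client certificate against, so the test would cover the handshake under FIPS mode but not certificate verification. Unless the omission is deliberate, I would add `"--sslCAFile", "jstests/libs/ca.pem",` before `"--sslFIPSMode"`, or leave a comment saying why it is left out.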
@@ -21,5 +22,5 @@ if (mongo != 0) { } else { // kill mongod - MongoRunner.stopMongod(md); + stopMongod(port1); } diff --git a/jstests/ssl/ssl_hostname_validation.js b/jstests/ssl/ssl_hostname_validation.js index 98f99b557e2..f3bf97bd168 100644 --- a/jstests/ssl/ssl_hostname_validation.js +++ b/jstests/ssl/ssl_hostname_validation.js @@ -7,6 +7,12 @@ var SAN_CERT = "jstests/libs/localhostnameSAN.pem"; var CLIENT_CERT = "jstests/libs/client.pem" var BAD_SAN_CERT = "jstests/libs/badSAN.pem"; +// We want to be able to control all SSL parameters +// but still need an SSL shell hence the test is placed +// in the /ssl directory +TestData.useX509 = false; +TestData.useSSL = false; + port = allocatePorts(1)[0]; function testCombination(certPath, allowInvalidHost, allowInvalidCert, shouldSucceed) { @@ -46,7 +52,7 @@ function testCombination(certPath, allowInvalidHost, allowInvalidCert, shouldSuc assert.eq(1, mongo, "Connection attempt succeeded when it should fail certPath: " + certPath); } - MongoRunner.stopMongod(port); + stopMongod(port); } // 1. Test client connections with different server certificates diff --git a/jstests/ssl/ssl_invalid_server_cert.js b/jstests/ssl/ssl_invalid_server_cert.js index 6487d0f99b2..d179c944fae 100644 --- a/jstests/ssl/ssl_invalid_server_cert.js +++ b/jstests/ssl/ssl_invalid_server_cert.js 
@@ -1,18 +1,23 @@ // Test SSL Certificate Expiration Monitoring // This tests that a mongod with --sslMode requireSSL will not start with an // X.509 certificate that is not yet valid or has expired. +ports = allocatePorts(1); +port = ports[0]; +var baseName = "jstests_ssl_ssl_invalid_server_cert"; // This test ensures that a mongod will not start with a certificate that is // not yet valid. Tested certificate will become valid 06-17-2020. -var md = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/not_yet_valid.pem", - sslCAFile: "jstests/libs/ca.pem"}); +var md = startMongod("--port", port, "--dbpath", MongoRunner.dataPath + baseName, + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/not_yet_valid.pem", + "--sslCAFile", "jstests/libs/ca.pem"); assert.eq(null, md, "Possible to start mongod with not yet valid certificate."); // This test ensures that a mongod with SSL will not start with an expired certificate. -md = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/expired.pem", - sslCAFile: "jstests/libs/ca.pem"}); +md = startMongod("--port", port, "--dbpath", MongoRunner.dataPath + baseName, + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/expired.pem", + "--sslCAFile", "jstests/libs/ca.pem"); assert.eq(null, md, "Possible to start mongod with expired certificate"); diff --git a/jstests/ssl/ssl_options.js b/jstests/ssl/ssl_options.js index 1881114b482..f4dcb4d4d47 100644 --- a/jstests/ssl/ssl_options.js +++ b/jstests/ssl/ssl_options.js @@ -5,8 +5,7 @@ jsTest.log("Testing censorship of ssl options"); var mongodConfig = { sslPEMKeyFile : "jstests/libs/password_protected.pem", sslMode : "requireSSL", sslPEMKeyPassword : "qwerty", - sslClusterPassword : "qwerty", - sslCAFile: "jstests/libs/ca.pem"}; + sslClusterPassword : "qwerty" }; var mongodSource = MongoRunner.runMongod(mongodConfig); var getCmdLineOptsResult = mongodSource.adminCommand("getCmdLineOpts"); 
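Review bot: The first case in jstests/ssl/ssl_invalid_server_cert.js depends on the wall clock: per its own comment, `not_yet_valid.pem` becomes valid on 06-17-2020, and from then on mongod would presumably start and `assert.eq(null, md, ...)` would fail for a reason unrelated to the code under test. I would record that next to the assertion, e.g. `// NOTE: regenerate not_yet_valid.pem before 06-17-2020 or this assertion starts failing`, or generate the fixture with a validity window relative to the run date. A test that guards certificate-validity enforcement is worth keeping green for the right reason, since a failure here is otherwise easy to dismiss as fixture rot.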
diff --git a/jstests/ssl/ssl_weak.js b/jstests/ssl/ssl_weak.js index 5a239a6d13c..25e2e442549 100644 --- a/jstests/ssl/ssl_weak.js +++ b/jstests/ssl/ssl_weak.js @@ -1,22 +1,27 @@ // Test forcing certificate validation // This tests that forcing certification validation will prohibit clients without certificates // from connecting. +ports = allocatePorts( 2 ); + +var baseName = "jstests_ssl_ssl_weak"; + // Test that connecting with no client certificate and --sslAllowConnectionsWithoutCertificates // (an alias for sslWeakCertificateValidation) connects successfully. -var md = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem", - sslAllowConnectionsWithoutCertificates: ""}); +var md = startMongod( "--port", ports[0], "--dbpath", MongoRunner.dataPath + baseName + "1", + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslCAFile", "jstests/libs/ca.pem", + "--sslAllowConnectionsWithoutCertificates"); -var mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates", +var mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", "--sslAllowInvalidCertificates", "--eval", ";"); // 0 is the exit code for success assert(mongo==0); // Test that connecting with a valid client certificate connects successfully. -mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates", +mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", "--sslAllowInvalidCertificates", "--sslPEMKeyFile", "jstests/libs/client.pem", "--eval", ";"); 
@@ -24,13 +29,14 @@ mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidC assert(mongo==0); -// Test that connecting with no client certificate and no --sslAllowConnectionsWithoutCertificates -// fails to connect. -var md2 = MongoRunner.runMongod({sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem"}); +// Test that connecting with no client certificate and no --sslWeakCertificateValidation fails to +// connect. +var md2 = startMongod( "--port", ports[1], "--dbpath", MongoRunner.dataPath + baseName + "2", + "--sslMode", "requireSSL", + "--sslPEMKeyFile", "jstests/libs/server.pem", + "--sslCAFile", "jstests/libs/ca.pem"); -mongo = runMongoProgram("mongo", "--port", md2.port, "--ssl", "--sslAllowInvalidCertificates", +mongo = runMongoProgram("mongo", "--port", ports[1], "--ssl", "--sslAllowInvalidCertificates", "--eval", ";"); // 1 is the exit code for failure diff --git a/jstests/ssl/ssl_without_ca.js b/jstests/ssl/ssl_without_ca.js index 87e69eed7e4..f70495f3961 100644 --- a/jstests/ssl/ssl_without_ca.js +++ b/jstests/ssl/ssl_without_ca.js @@ -1,3 +1,7 @@ +// Must turn these off so we don't have CA file supplied automatically. +TestData.usex509 = false; +TestData.useSSL = false; + var SERVER_CERT = "jstests/libs/server.pem"; var CLIENT_CERT = "jstests/libs/client.pem"; var CLIENT_USER = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client"; diff --git a/jstests/ssl/upgrade_to_ssl.js b/jstests/ssl/upgrade_to_ssl.js index 802e99d9eeb..e43162246a2 100644 --- a/jstests/ssl/upgrade_to_ssl.js +++ b/jstests/ssl/upgrade_to_ssl.js 
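Review bot: `TestData.usex509 = false;` in jstests/ssl/ssl_without_ca.js is spelled with a lowercase `x`, whereas every other file in this commit sets `TestData.useX509`. JavaScript property names are case-sensitive, so this line creates a new, presumably unread property and leaves `useX509` at whatever the harness set. Going by the comment above it, X509 options including a CA file could then still be supplied automatically under the x509 passthrough, which is what this test of running without a CA needs to avoid. The line should read `TestData.useX509 = false;`.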
@@ -7,14 +7,13 @@ * and therefore cannot test modes that do not allow ssl. */ +// If we are running in use-x509 passthrough mode, turn it off +// since it is not necessary for this test. +TestData.useX509 = false; load("jstests/ssl/libs/ssl_helpers.js"); // "sslAllowInvalidCertificates" is enabled to avoid hostname conflicts with our testing certs -var opts = {sslMode:"allowSSL", - sslPEMKeyFile: SERVER_CERT, - sslAllowInvalidCertificates: "", - sslAllowConnectionsWithoutCertificates: "", - sslCAFile: "jstests/libs/ca.pem"}; +opts = {sslMode:"allowSSL", sslPEMKeyFile: SERVER_CERT, sslAllowInvalidCertificates: ""}; var rst = new ReplSetTest({ name: 'sslSet', nodes: 3, nodeOptions : opts }); rst.startSet(); rst.initiate(); @@ -24,8 +23,7 @@ rstConn1.getDB("test").a.insert({a:1, str:"TESTTESTTEST"}); assert.eq(1, rstConn1.getDB("test").a.count(), "Error interacting with replSet"); print("===== UPGRADE allowSSL -> preferSSL ====="); -opts.sslMode = "preferSSL"; -rst.upgradeSet(opts); +rst.upgradeSet({sslMode:"preferSSL", sslPEMKeyFile: SERVER_CERT, sslAllowInvalidCertificates: ""}); var rstConn2 = rst.getMaster(); rstConn2.getDB("test").a.insert({a:2, str:"CHECKCHECK"}); assert.eq(2, rstConn2.getDB("test").a.count(), "Error interacting with replSet"); @@ -35,8 +33,7 @@ var canConnectNoSSL = runMongoProgram("mongo", "--port", rst.ports[0], "--eval", assert.eq(0, canConnectNoSSL, "non-SSL Connection attempt failed when it should succeed"); print("===== UPGRADE preferSSL -> requireSSL ====="); -opts.sslMode = "requireSSL"; -rst.upgradeSet(opts); +rst.upgradeSet({sslMode:"requireSSL", sslPEMKeyFile: SERVER_CERT, sslAllowInvalidCertificates: ""}); var rstConn3 = rst.getMaster(); rstConn3.getDB("test").a.insert({a:3, str:"GREENEGGSANDHAM"}); assert.eq(3, rstConn3.getDB("test").a.count(), "Error interacting with replSet"); diff --git a/jstests/ssl/upgrade_to_x509_ssl.js b/jstests/ssl/upgrade_to_x509_ssl.js index a7f8b571d29..c80cbf677aa 100644 
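Review bot: The comment kept in jstests/ssl/upgrade_to_ssl.js justifies `sslAllowInvalidCertificates` by hostname conflicts with the test certificates, but that option turns off certificate validation as a whole, and the new `opts` no longer passes a CA file either. If the hostname mismatch is the only problem, `sslAllowInvalidHostnames: ""` (the option removed from sharding_with_x509.js in this commit) is the narrower setting, assuming this branch supports it. Otherwise I would reword the comment to say that peer certificates are not validated in this test, e.g. `// sslAllowInvalidCertificates disables peer certificate validation; needed because the test certs do not match the hostnames`. The same literal is repeated in both `rst.upgradeSet(...)` calls in the later hunks of this file and would need the same change.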
--- a/jstests/ssl/upgrade_to_x509_ssl.js +++ b/jstests/ssl/upgrade_to_x509_ssl.js @@ -14,6 +14,9 @@ function authAllNodes() { } }; +// If we are running in use-x509 passthrough mode, turn it off +// since it is not necessary for this test. +TestData.useX509 = false; load("jstests/ssl/libs/ssl_helpers.js"); opts = {sslMode:"allowSSL", sslPEMKeyFile: SERVER_CERT, diff --git a/jstests/ssl/x509_client.js b/jstests/ssl/x509_client.js index c2c15f7b567..c2329554e3f 100644 --- a/jstests/ssl/x509_client.js +++ b/jstests/ssl/x509_client.js @@ -1,9 +1,10 @@ +// If we are running in use-x509 passthrough mode, turn it off or else the auth +// part of this test will not work correctly + +TestData.useX509 = false; + // Check if this build supports the authenticationMechanisms startup parameter. -var conn = MongoRunner.runMongod({smallfiles: "", - auth: "", - sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem"}); +var conn = MongoRunner.runMongod({ smallfiles: "", auth: "" }); conn.getDB('admin').createUser({user: "root", pwd: "pass", roles: ["root"]}); conn.getDB('admin').auth("root", "pass"); var cmdOut = conn.getDB('admin').runCommand({getParameter: 1, authenticationMechanisms: 1}) @@ -49,16 +50,19 @@ function authAndTest(mongo) { } print("1. Testing x.509 auth to mongod"); -var x509_options = {sslMode : "requireSSL", - sslPEMKeyFile : SERVER_CERT, - sslCAFile : CA_CERT}; - -var mongo = MongoRunner.runMongod(Object.merge(x509_options, {port: port, auth: ""})); +var mongo = MongoRunner.runMongod({port : port, + sslMode : "requireSSL", + sslPEMKeyFile : SERVER_CERT, + sslCAFile : CA_CERT, + auth:""}); authAndTest(mongo); -MongoRunner.stopMongod(port); +stopMongod(port); print("2. Testing x.509 auth to mongos"); +var x509_options = {sslMode : "requireSSL", + sslPEMKeyFile : SERVER_CERT, + sslCAFile : CA_CERT}; var st = new ShardingTest({ shards : 1, mongos : 1, 
@@ -66,7 +70,6 @@ var st = new ShardingTest({ shards : 1, extraOptions : {"keyFile" : "jstests/libs/key1"}, configOptions : x509_options, mongosOptions : x509_options, - shardOptions : x509_options, }}); authAndTest(new Mongo("localhost:" + st.s0.port)) |