author | Jonathan Reams <jbreams@mongodb.com> | 2019-05-01 15:19:44 -0400 |
---|---|---|
committer | Jonathan Reams <jbreams@mongodb.com> | 2019-05-07 14:41:29 -0400 |
commit | 800127b9e3a6dfe8ce42c454b0f9abe454566fec (patch) | |
tree | 948f90132cd4f86a24ee752a709615ac8dfa1cea /jstests/ssl | |
parent | 14c4a6e66351e07b1965622b4e8fb8d5bf0a04e2 (diff) | |
download | mongo-800127b9e3a6dfe8ce42c454b0f9abe454566fec.tar.gz |
SERVER-40601 Make timing of tls1_0.js deterministic
Diffstat (limited to 'jstests/ssl')
-rw-r--r-- | jstests/ssl/libs/ssl_helpers.js | 13 | ||||
-rw-r--r-- | jstests/ssl/tls1_0.js | 111 |
2 files changed, 13 insertions, 111 deletions
diff --git a/jstests/ssl/libs/ssl_helpers.js b/jstests/ssl/libs/ssl_helpers.js
index 37dad3972ee..78a9cd1daae 100644
--- a/jstests/ssl/libs/ssl_helpers.js
+++ b/jstests/ssl/libs/ssl_helpers.js
@@ -225,8 +225,21 @@ function detectDefaultTLSProtocol() {
 sslDisabledProtocols: 'none',
 useLogFiles: true,
 tlsLogVersions: "TLS1_0,TLS1_1,TLS1_2,TLS1_3",
+ waitForConnect: true,
 });
+ assert.eq(0,
+ runMongoProgram('mongo',
+ '--ssl',
+ '--port',
+ conn.port,
+ '--sslPEMKeyFile',
+ 'jstests/libs/client.pem',
+ '--sslCAFile',
+ 'jstests/libs/ca.pem',
+ '--eval',
+ ';'));
+
 const res = conn.getDB("admin").serverStatus().transportSecurity;
 MongoRunner.stopMongod(conn);
diff --git a/jstests/ssl/tls1_0.js b/jstests/ssl/tls1_0.js
deleted file mode 100644
index 5c751d73f0f..00000000000
--- a/jstests/ssl/tls1_0.js
+++ /dev/null
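Review bot: In the jstests/ssl/libs/ssl_helpers.js hunk, the new `assert.eq(0, runMongoProgram(...))` throws before `MongoRunner.stopMongod(conn)` runs, so a failed TLS handshake from the shell leaves the helper's mongod running and reports only a bare exit-code mismatch. Wrapping the connect and the `serverStatus()` read in `try`/`finally` and giving the assertion a message would keep a handshake failure readable and the process cleaned up. A one-line comment saying why a no-op `--eval ';'` connection is made would also help; it is presumably there so the `transportSecurity` counters read on the next line reflect one real handshake. detectDefaultTLSProtocol() begins before and continues past this hunk, so check that `res` is still used the same way below.
```javascript
// … unchanged: MongoRunner.runMongod({...}) options, including waitForConnect: true …
let res;
try {
    // Connect once with the shell's default TLS settings before reading transportSecurity.
    assert.eq(0,
              runMongoProgram('mongo', /* … unchanged: TLS arguments … */ '--eval', ';'),
              "mongo shell failed to connect over TLS");
    res = conn.getDB("admin").serverStatus().transportSecurity;
} finally {
    MongoRunner.stopMongod(conn);
}
```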
@@ -1,111 +0,0 @@
-// Make sure MongoD starts with TLS 1.0 disabled (except w/ old OpenSSL).
-
-(function() {
- 'use strict';
-
- load("jstests/ssl/libs/ssl_helpers.js");
-
- // There will be cases where a connect is impossible,
- // let the test runner clean those up.
- TestData.failIfUnterminatedProcesses = false;
-
- const supportsTLS1_1 = (function() {
- const openssl = getBuildInfo().openssl || {};
- if (openssl.compiled === undefined) {
- // Native TLS build.
- return true;
- }
- // OpenSSL 0.x.x => TLS 1.0 only.
- if (/OpenSSL 0\./.test(openssl.compiled)) {
- return false;
- }
- // OpenSSL 1.0.0-1.0.0k => TLS 1.0 only.
- if (/OpenSSL 1\.0\.0[ a-k]/.test(openssl.compiled)) {
- return false;
- }
-
- // OpenSSL 1.0.0l and later include TLS 1.1 and 1.2
- return true;
- })();
-
- const defaultEnableTLS1_0 = (function() {
- // If the build doesn't support TLS 1.1, then TLS 1.0 is left enabled.
- return !supportsTLS1_1;
- })();
-
- const supportsTLS1_3 = detectDefaultTLSProtocol() !== "TLS1_2";
-
- function test(serverDP, clientDP, shouldSucceed) {
- const expectLogMessage = !defaultEnableTLS1_0 && (serverDP === null);
- let serverOpts = {
- sslMode: 'allowSSL',
- sslPEMKeyFile: 'jstests/libs/server.pem',
- sslCAFile: 'jstests/libs/ca.pem',
- waitForConnect: false
- };
- if (serverDP !== null) {
- serverOpts.sslDisabledProtocols = serverDP;
- }
- clearRawMongoProgramOutput();
- const mongod = MongoRunner.runMongod(serverOpts);
- assert(mongod);
-
- let clientOpts = [];
- if (clientDP !== null) {
- clientOpts = ['--sslDisabledProtocols', clientDP];
- }
- const didSucceed = (function() {
- try {
- assert.soon(function() {
- return 0 == runMongoProgram('mongo',
- '--ssl',
- '--port',
- mongod.port,
- '--sslPEMKeyFile',
- 'jstests/libs/client.pem',
- '--sslCAFile',
- 'jstests/libs/ca.pem',
- ...clientOpts,
- '--eval',
- ';');
- }, "Connecting to mongod", 30 * 1000);
- return true;
- } catch (e) {
- return false;
- }
- })();
-
- // Exit code based success/failure.
- assert.eq(
- didSucceed, shouldSucceed, "Running with " + tojson(serverDP) + "/" + tojson(clientDP));
-
- assert.eq(expectLogMessage,
- rawMongoProgramOutput().search('Automatically disabling TLS 1.0') >= 0,
- "TLS 1.0 was/wasn't automatically disabled");
- }
-
- // Tests with default client behavior (TLS 1.0 disabled if 1.1 available).
- test(null, null, true);
- test('none', null, true);
- test('TLS1_0', null, supportsTLS1_1);
- test('TLS1_1,TLS1_2', null, !supportsTLS1_1 || supportsTLS1_3);
- test('TLS1_1,TLS1_2,TLS1_3', null, !supportsTLS1_1);
- test('TLS1_0,TLS1_1', null, supportsTLS1_1);
- test('TLS1_0,TLS1_1,TLS1_2', null, supportsTLS1_3);
- test('TLS1_0,TLS1_1,TLS1_2,TLS1_3', null, false);
-
- // Tests with TLS 1.0 always enabled on client.
- test(null, 'none', true);
- test('none', 'none', true);
- test('TLS1_0', 'none', supportsTLS1_1);
- test('TLS1_1,TLS1_2', 'none', true);
- test('TLS1_0,TLS1_1', 'none', supportsTLS1_1);
-
- // Tests with TLS 1.0 explicitly disabled on client.
- test(null, 'TLS1_0', supportsTLS1_1);
- test('none', 'TLS1_0', supportsTLS1_1);
- test('TLS1_0', 'TLS1_0', supportsTLS1_1);
- test('TLS1_1,TLS1_2', 'TLS1_0', supportsTLS1_3);
- test('TLS1_1,TLS1_2,TLS1_3', 'TLS1_0', false);
- test('TLS1_0,TLS1_1', 'TLS1_0', supportsTLS1_1);
-})(); |