authorSara Golemon <sara.golemon@mongodb.com>2019-02-06 21:49:47 -0600
committerSara Golemon <sara.golemon@mongodb.com>2019-03-01 16:06:08 +0000
commit987e5fc980b2288371ebd2c133b58466cc646d60 (patch)
treedfa2cb994cc27c23964aad50b040e83595b2d338 /jstests/ssl
parent6b601f1005a683fb5fd6050b8ecb618c49fd6e59 (diff)
downloadmongo-987e5fc980b2288371ebd2c133b58466cc646d60.tar.gz
SERVER-39217 SecureTransport with Intermediate CA
Diffstat (limited to 'jstests/ssl')
-rw-r--r--jstests/ssl/ssl_intermediate_ca.js37
1 files changed, 37 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_intermediate_ca.js b/jstests/ssl/ssl_intermediate_ca.js
new file mode 100644
index 00000000000..838f43bcb30
--- /dev/null
+++ b/jstests/ssl/ssl_intermediate_ca.js
@@ -0,0 +1,37 @@
+// Test that including intermediate certificates
+// in the certificate key file will be sent to the remote.
+
+(function() {
+ 'use strict';
+
+ load('jstests/ssl/libs/ssl_helpers.js');
+
+ if (determineSSLProvider() === 'windows') {
+ // FIXME: SERVER-39574
+ print("Skipping test with windows SChannel pending SERVER-39574");
+ return;
+ }
+
+ // server-intermediate-ca was signed by ca.pem, not trusted-ca.pem
+ const VALID_CA = 'jstests/libs/ca.pem';
+ const INVALID_CA = 'jstests/libs/trusted-ca.pem';
+
+ function runTest(inbound, outbound) {
+ const mongod = MongoRunner.runMongod({
+ sslMode: 'requireSSL',
+ sslAllowConnectionsWithoutCertificates: '',
+ sslPEMKeyFile: 'jstests/libs/server-intermediate-ca.pem',
+ sslCAFile: outbound,
+ sslClusterCAFile: inbound,
+ });
+ assert(mongod);
+ assert.eq(mongod.getDB('admin').system.users.find({}).toArray(), []);
+ MongoRunner.stopMongod(mongod);
+ }
+
+ // Normal mode, we have a valid CA being presented for outbound and inbound.
+ runTest(VALID_CA, VALID_CA);
+
+ // Alternate CA mode, only the inbound CA is valid.
+ runTest(VALID_CA, INVALID_CA);
+})();
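Review bot: Both `runTest` calls expect success, so nothing here shows that validation would fail if the intermediate certificate were not sent; the only checks are `assert(mongod)` and an empty `system.users` query. Because `sslAllowConnectionsWithoutCertificates` is set, a client that presents no certificate would not exercise `sslClusterCAFile`, and the CA the shell uses to verify the server's chain is not visible in this hunk, so it presumably comes from the test harness. Consider adding a negative control that asserts the connection is refused when the chain cannot be built to the client's trusted root. A comment above `runTest` would also help, going by the parameter names: `// inbound -> sslClusterCAFile (verifies client certs); outbound -> sslCAFile (verifies peers we connect to)`. A message on the startup assertion, e.g. `assert(mongod, 'mongod failed to start with sslCAFile=' + outbound);`, would make a failure easier to triage.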