diff options
author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2013-10-11 13:56:29 -0400 |
---|---|---|
committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2013-10-22 14:34:45 -0400 |
commit | 1452ef1ef0439bb9ee7a44df6d3bce73f4b12f63 (patch) | |
tree | f78421786692ce146d0480c541a3b5d630234105 /jstests/sslSpecial | |
parent | 75135b965a7d9af110bd42bc40e9ad6dfac254ab (diff) | |
download | mongo-1452ef1ef0439bb9ee7a44df6d3bce73f4b12f63.tar.gz |
SERVER-8864 Tests for SSL mixed-mode
Diffstat (limited to 'jstests/sslSpecial')
-rw-r--r-- | jstests/sslSpecial/ssl_mixedmode.js | 55 | ||||
-rw-r--r-- | jstests/sslSpecial/ssl_mixedmode2.js | 8 |
2 files changed, 63 insertions, 0 deletions
diff --git a/jstests/sslSpecial/ssl_mixedmode.js b/jstests/sslSpecial/ssl_mixedmode.js new file mode 100644 index 00000000000..dba6fd57b2b --- /dev/null +++ b/jstests/sslSpecial/ssl_mixedmode.js @@ -0,0 +1,55 @@ +// Test the --sslMode parameter +// This tests runs through the 8 possible combinations of sslMode values +// and SSL-enabled and disabled shell respectively. For each combination +// expected behavior is verified. +var SERVER_CERT = "jstests/libs/server.pem" +var CA_CERT = "jstests/libs/ca.pem" +var CLIENT_CERT = "jstests/libs/client.pem" + +var baseName = "jstests_mixed_mode_ssl" +port = allocatePorts(1)[0]; + +function testCombination(sslMode, sslShell, shouldSucceed) { + if (sslMode == "noSSL") { + MongoRunner.runMongod({port: port}); + } + else { + MongoRunner.runMongod({port: port, + sslMode: sslMode, + sslPEMKeyFile: SERVER_CERT, + sslCAFile: CA_CERT}); + } + + var mongo; + if (sslShell) { + mongo = runMongoProgram("mongo", "--port", port, "--ssl", + "--sslPEMKeyFile", CLIENT_CERT, + "--eval", ";"); + } + else { + mongo = runMongoProgram("mongo", "--port", port, + "--eval", ";"); + } + + if (shouldSucceed) { + // runMongoProgram returns 0 on success + assert.eq(0, mongo, "Connection attempt failed when it should succeed sslMode:" + + sslMode + " SSL-shell:" + sslShell); + } + else { + // runMongoProgram returns 1 on failure + assert.eq(1, mongo, "Connection attempt succeeded when it should fail sslMode:" + + sslMode + " SSL-shell:" + sslShell); + } + stopMongod(port); +} + +testCombination("noSSL", false, true); +testCombination("acceptSSL", false, true); +testCombination("sendAcceptSSL", false, true); +testCombination("sslOnly", false, false); +testCombination("noSSL", true, false); +testCombination("acceptSSL", true, true); +testCombination("sendAcceptSSL", true, true); +testCombination("sslOnly", true, true); + diff --git a/jstests/sslSpecial/ssl_mixedmode2.js b/jstests/sslSpecial/ssl_mixedmode2.js new file mode 100644 index 00000000000..75e8c1c69d4 --- /dev/null +++ b/jstests/sslSpecial/ssl_mixedmode2.js @@ -0,0 +1,8 @@ +// Test mixed sslMode noSSL/acceptSSL, this test cannot be run +// from the /ssl directory since the --use-ssl passthrough +// will make it impossible for the shell to connect to the replicas +ssl_options1 = {sslMode : "noSSL"}; +ssl_options2 = {sslMode : "acceptSSL", + sslPEMKeyFile : "jstests/libs/server.pem", + sslCAFile: "jstests/libs/ca.pem"}; +load("jstests/replsets/replset1.js"); |