summaryrefslogtreecommitdiff
path: root/jstests
diff options
context:
space:
mode:
authorCharlie <charlie.swanson@10gen.com>2015-03-24 13:46:51 -0400
committerCharlie <charlie.swanson@10gen.com>2015-03-24 13:46:51 -0400
commit6d33c3637e073c83138919a5472b181c65a48d08 (patch)
tree2e5a710bad1f191ce5f55fa72ce288b7ff89c03f /jstests
parent574810647c6bd93415ecfdcf21b45d1c3588288c (diff)
downloadmongo-6d33c3637e073c83138919a5472b181c65a48d08.tar.gz
Revert "SERVER-17450 Cleanup SSL test infrastructure"
This reverts commit 43e53251a30e680fb57a3f042f66910355197cde.
Diffstat (limited to 'jstests')
-rw-r--r--jstests/replsets/rslib.js2
-rw-r--r--jstests/ssl/disable_x509.js7
-rw-r--r--jstests/ssl/initial_sync1_x509.js6
-rw-r--r--jstests/ssl/mixed_mode_repl.js3
-rw-r--r--jstests/ssl/mixed_mode_sharded.js4
-rw-r--r--jstests/ssl/set_parameter_ssl.js5
-rw-r--r--jstests/ssl/sharding_with_x509.js1
-rw-r--r--jstests/ssl/ssl_cert_password.js16
-rw-r--r--jstests/ssl/ssl_crl.js30
-rw-r--r--jstests/ssl/ssl_crl_revoked.js16
-rw-r--r--jstests/ssl/ssl_fips.js19
-rw-r--r--jstests/ssl/ssl_hostname_validation.js8
-rw-r--r--jstests/ssl/ssl_invalid_server_cert.js17
-rw-r--r--jstests/ssl/ssl_options.js3
-rw-r--r--jstests/ssl/ssl_weak.js30
-rw-r--r--jstests/ssl/ssl_without_ca.js4
-rw-r--r--jstests/ssl/upgrade_to_ssl.js15
-rw-r--r--jstests/ssl/upgrade_to_x509_ssl.js3
-rw-r--r--jstests/ssl/x509_client.js27
-rw-r--r--jstests/sslSpecial/set_parameter_nossl.js2
-rw-r--r--jstests/sslSpecial/ssl_mixedmode.js2
21 files changed, 129 insertions, 91 deletions
diff --git a/jstests/replsets/rslib.js b/jstests/replsets/rslib.js
index 7111063f38e..bb3b8374738 100644
--- a/jstests/replsets/rslib.js
+++ b/jstests/replsets/rslib.js
@@ -47,7 +47,7 @@ reconnect = function(a) {
db = a;
}
db.bar.stats();
- if (jsTest.options().keyFile) { // SERVER-4241: Shell connections don't re-authenticate on reconnect
+ if (jsTest.options().keyFile || jsTest.options().useX509) { // SERVER-4241: Shell connections don't re-authenticate on reconnect
return jsTest.authenticate(db.getMongo());
}
return true;
diff --git a/jstests/ssl/disable_x509.js b/jstests/ssl/disable_x509.js
index 57175aa0f94..8b3ec8957b6 100644
--- a/jstests/ssl/disable_x509.js
+++ b/jstests/ssl/disable_x509.js
@@ -1,12 +1,9 @@
// Test enabling and disabling the MONGODB-X509 auth mech
+TestData.useX509 = false;
var CLIENT_USER = "CN=client,OU=KernelUser,O=MongoDB,L=New York City,ST=New York,C=US"
-var conn = MongoRunner.runMongod({smallfiles: "",
- auth: "",
- sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem"});
+var conn = MongoRunner.runMongod({ smallfiles: "", auth: "" });
// Find out if this build supports the authenticationMechanisms startup parameter.
// If it does, restart with and without the MONGODB-X509 mechanisms enabled.
diff --git a/jstests/ssl/initial_sync1_x509.js b/jstests/ssl/initial_sync1_x509.js
index f767dba0dde..27eb67207ed 100644
--- a/jstests/ssl/initial_sync1_x509.js
+++ b/jstests/ssl/initial_sync1_x509.js
@@ -1,10 +1,6 @@
// Basic tests for cluster authentication using x509.
-var common_options = {keyFile : "jstests/libs/key1",
- sslMode : "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem",
- sslAllowInvalidHostnames: ""};
+var common_options = {keyFile : "jstests/libs/key1"};
function runInitialSyncTest() {
load("jstests/replsets/rslib.js");
diff --git a/jstests/ssl/mixed_mode_repl.js b/jstests/ssl/mixed_mode_repl.js
index e5d7297c7e3..80109a0581c 100644
--- a/jstests/ssl/mixed_mode_repl.js
+++ b/jstests/ssl/mixed_mode_repl.js
@@ -1,6 +1,9 @@
// This test is related to mixed_mode_repl_nossl.js in
// the sslSpecial test set. This test must be run with --use-ssl
+// If we are running in use-x509 passthrough mode, turn it off
+// since it is not necessary for this test.
+TestData.useX509 = false;
load("jstests/ssl/libs/ssl_helpers.js")
// Verify that requireSSL allows ssl connections
diff --git a/jstests/ssl/mixed_mode_sharded.js b/jstests/ssl/mixed_mode_sharded.js
index efee241ff0c..08d872939a2 100644
--- a/jstests/ssl/mixed_mode_sharded.js
+++ b/jstests/ssl/mixed_mode_sharded.js
@@ -2,6 +2,10 @@
* This test checks if different mixtures of ssl modes
* in a sharded cluster can or cannot function
*/
+
+// If we are running in use-x509 passthrough mode, turn it off
+// since it is not necessary for this test.
+TestData.useX509 = false;
load("jstests/ssl/libs/ssl_helpers.js");
print("=== Testing requireSSL/requireSSL cluster ===");
diff --git a/jstests/ssl/set_parameter_ssl.js b/jstests/ssl/set_parameter_ssl.js
index 801d4e15b72..19d11b9047f 100644
--- a/jstests/ssl/set_parameter_ssl.js
+++ b/jstests/ssl/set_parameter_ssl.js
@@ -1,5 +1,6 @@
// Test changing the --sslMode and --clusterAuthMode
// parameters using setParameter
+TestData.useX509 = false;
var SERVER_CERT = "jstests/libs/server.pem"
var CA_CERT = "jstests/libs/ca.pem"
@@ -18,7 +19,7 @@ function testSSLTransition(oldMode, newMode, shouldSucceed) {
"sslMode" : newMode });
assert(res["ok"] == shouldSucceed, tojson(res));
- MongoRunner.stopMongod(port);
+ stopMongod(port);
}
function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) {
@@ -35,7 +36,7 @@ function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) {
"clusterAuthMode" : newMode });
assert(res["ok"] == shouldSucceed, tojson(res));
- MongoRunner.stopMongod(port);
+ stopMongod(port);
}
testSSLTransition("allowSSL", "invalid", false);
diff --git a/jstests/ssl/sharding_with_x509.js b/jstests/ssl/sharding_with_x509.js
index aee7ac0e15f..1a1e41f6cae 100644
--- a/jstests/ssl/sharding_with_x509.js
+++ b/jstests/ssl/sharding_with_x509.js
@@ -5,7 +5,6 @@ var x509_options = {sslMode : "requireSSL",
sslPEMKeyFile : "jstests/libs/server.pem",
sslCAFile: "jstests/libs/ca.pem",
sslClusterFile: "jstests/libs/cluster_cert.pem",
- sslAllowInvalidHostnames: "",
clusterAuthMode: "x509"};
// Start ShardingTest with enableBalancer because ShardingTest attempts to turn
diff --git a/jstests/ssl/ssl_cert_password.js b/jstests/ssl/ssl_cert_password.js
index 1c0e271be20..1c03f6ed7e0 100644
--- a/jstests/ssl/ssl_cert_password.js
+++ b/jstests/ssl/ssl_cert_password.js
@@ -10,13 +10,13 @@ resetDbpath(dbpath);
mkdir(external_scratch_dir);
// Password is correct
-var md = MongoRunner.runMongod({nopreallocj: "",
- port: port,
- dbpath: dbpath,
- sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/password_protected.pem",
- sslPEMKeyPassword: "qwerty"});
-// MongoRunner.runMongod connects a Mongo shell, so if we get here, the test is successful.
+md = startMongod("--nopreallocj",
+ "--port", port,
+ "--dbpath", dbpath,
+ "--sslMode","requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/password_protected.pem",
+ "--sslPEMKeyPassword", "qwerty");
+// startMongod connects a Mongo shell, so if we get here, the test is successful.
// Password incorrect; error logged is:
@@ -134,6 +134,6 @@ assert.eq(md5, md5_stored, "hash of stored file does not match the expected valu
if (!_isWindows()) {
// Stop the server
- var exitCode = MongoRunner.stopMongod(port, 15);
+ var exitCode = stopMongod(port, 15);
assert(exitCode == 0);
}
diff --git a/jstests/ssl/ssl_crl.js b/jstests/ssl/ssl_crl.js
index fd83c3979ef..0d4bf0f4200 100644
--- a/jstests/ssl/ssl_crl.js
+++ b/jstests/ssl/ssl_crl.js
@@ -5,28 +5,36 @@
// crl.pem is a CRL with no revoked certificates.
// This test should allow the user to connect with client.pem certificate.
-var md = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem",
- sslCRLFile: "jstests/libs/crl.pem"});
+ports = allocatePorts(2);
+port1 = ports[0];
+var baseName = "jstests_ssl_ssl_crl";
-var mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates",
+var md = startMongod("--port", port1, "--dbpath",
+ MongoRunner.dataPath + baseName + "1",
+ "--sslMode", "requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/server.pem",
+ "--sslCAFile", "jstests/libs/ca.pem",
+ "--sslCRLFile", "jstests/libs/crl.pem");
+
+
+var mongo = runMongoProgram("mongo", "--port", port1, "--ssl", "--sslAllowInvalidCertificates",
"--sslPEMKeyFile", "jstests/libs/client.pem",
"--eval", ";");
// 0 is the exit code for success
assert(mongo==0);
-
+port2 = ports[1];
// This test ensures clients cannot connect if the CRL is expired.
-md = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem",
- sslCRLFile: "jstests/libs/crl_expired.pem"});
+md = startMongod("--port", port2, "--dbpath", MongoRunner.dataPath + baseName + "2",
+ "--sslMode", "requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/server.pem",
+ "--sslCAFile", "jstests/libs/ca.pem",
+ "--sslCRLFile", "jstests/libs/crl_expired.pem");
-mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates",
+mongo = runMongoProgram("mongo", "--port", port2, "--ssl", "--sslAllowInvalidCertificates",
"--sslPEMKeyFile", "jstests/libs/client.pem",
"--eval", ";");
diff --git a/jstests/ssl/ssl_crl_revoked.js b/jstests/ssl/ssl_crl_revoked.js
index 97ab29bf46e..53d6671f4f4 100644
--- a/jstests/ssl/ssl_crl_revoked.js
+++ b/jstests/ssl/ssl_crl_revoked.js
@@ -2,12 +2,18 @@
// Note: crl_client_revoked.pem is a CRL with the client.pem certificate listed as revoked.
// This test should test that the user cannot connect with client.pem certificate.
-var md = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem",
- sslCRLFile: "jstests/libs/crl_client_revoked.pem"});
+port = allocatePorts( 1 )[ 0 ];
+var baseName = "jstests_ssl_ssl_crl_revoked";
-var mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates",
+
+var md = startMongod( "--port", port, "--dbpath", MongoRunner.dataPath + baseName,
+ "--sslMode","requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/server.pem",
+ "--sslCAFile", "jstests/libs/ca.pem",
+ "--sslCRLFile", "jstests/libs/crl_client_revoked.pem");
+
+
+var mongo = runMongoProgram("mongo", "--port", port, "--ssl", "--sslAllowInvalidCertificates",
"--sslPEMKeyFile", "jstests/libs/client_revoked.pem",
"--eval", ";");
diff --git a/jstests/ssl/ssl_fips.js b/jstests/ssl/ssl_fips.js
index 29b63f73aa2..ebcac31e91b 100644
--- a/jstests/ssl/ssl_fips.js
+++ b/jstests/ssl/ssl_fips.js
@@ -1,14 +1,15 @@
// Test mongod start with FIPS mode enabled
+ports = allocatePorts(1);
+port1 = ports[0];
+var baseName = "jstests_ssl_ssl_fips";
-var md = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem",
- sslFIPSMode: ""});
-var mongo = runMongoProgram("mongo",
- "--port", md.port,
- "--ssl",
- "--sslAllowInvalidCertificates",
+var md = startMongod("--port", port1, "--dbpath",
+ MongoRunner.dataPath + baseName, "--sslMode", "requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/server.pem",
+ "--sslFIPSMode");
+
+var mongo = runMongoProgram("mongo", "--port", port1, "--ssl", "--sslAllowInvalidCertificates",
"--sslPEMKeyFile", "jstests/libs/client.pem",
"--sslFIPSMode",
"--eval", ";");
@@ -21,5 +22,5 @@ if (mongo != 0) {
}
else {
// kill mongod
- MongoRunner.stopMongod(md);
+ stopMongod(port1);
}
diff --git a/jstests/ssl/ssl_hostname_validation.js b/jstests/ssl/ssl_hostname_validation.js
index 98f99b557e2..f3bf97bd168 100644
--- a/jstests/ssl/ssl_hostname_validation.js
+++ b/jstests/ssl/ssl_hostname_validation.js
@@ -7,6 +7,12 @@ var SAN_CERT = "jstests/libs/localhostnameSAN.pem";
var CLIENT_CERT = "jstests/libs/client.pem"
var BAD_SAN_CERT = "jstests/libs/badSAN.pem";
+// We want to be able to control all SSL parameters
+// but still need an SSL shell hence the test is placed
+// in the /ssl directory
+TestData.useX509 = false;
+TestData.useSSL = false;
+
port = allocatePorts(1)[0];
function testCombination(certPath, allowInvalidHost, allowInvalidCert, shouldSucceed) {
@@ -46,7 +52,7 @@ function testCombination(certPath, allowInvalidHost, allowInvalidCert, shouldSuc
assert.eq(1, mongo, "Connection attempt succeeded when it should fail certPath: " +
certPath);
}
- MongoRunner.stopMongod(port);
+ stopMongod(port);
}
// 1. Test client connections with different server certificates
diff --git a/jstests/ssl/ssl_invalid_server_cert.js b/jstests/ssl/ssl_invalid_server_cert.js
index 6487d0f99b2..d179c944fae 100644
--- a/jstests/ssl/ssl_invalid_server_cert.js
+++ b/jstests/ssl/ssl_invalid_server_cert.js
@@ -1,18 +1,23 @@
// Test SSL Certificate Expiration Monitoring
// This tests that a mongod with --sslMode requireSSL will not start with an
// X.509 certificate that is not yet valid or has expired.
+ports = allocatePorts(1);
+port = ports[0];
+var baseName = "jstests_ssl_ssl_invalid_server_cert";
// This test ensures that a mongod will not start with a certificate that is
// not yet valid. Tested certificate will become valid 06-17-2020.
-var md = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/not_yet_valid.pem",
- sslCAFile: "jstests/libs/ca.pem"});
+var md = startMongod("--port", port, "--dbpath", MongoRunner.dataPath + baseName,
+ "--sslMode", "requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/not_yet_valid.pem",
+ "--sslCAFile", "jstests/libs/ca.pem");
assert.eq(null, md, "Possible to start mongod with not yet valid certificate.");
// This test ensures that a mongod with SSL will not start with an expired certificate.
-md = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/expired.pem",
- sslCAFile: "jstests/libs/ca.pem"});
+md = startMongod("--port", port, "--dbpath", MongoRunner.dataPath + baseName,
+ "--sslMode", "requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/expired.pem",
+ "--sslCAFile", "jstests/libs/ca.pem");
assert.eq(null, md, "Possible to start mongod with expired certificate");
diff --git a/jstests/ssl/ssl_options.js b/jstests/ssl/ssl_options.js
index 1881114b482..f4dcb4d4d47 100644
--- a/jstests/ssl/ssl_options.js
+++ b/jstests/ssl/ssl_options.js
@@ -5,8 +5,7 @@ jsTest.log("Testing censorship of ssl options");
var mongodConfig = { sslPEMKeyFile : "jstests/libs/password_protected.pem",
sslMode : "requireSSL",
sslPEMKeyPassword : "qwerty",
- sslClusterPassword : "qwerty",
- sslCAFile: "jstests/libs/ca.pem"};
+ sslClusterPassword : "qwerty" };
var mongodSource = MongoRunner.runMongod(mongodConfig);
var getCmdLineOptsResult = mongodSource.adminCommand("getCmdLineOpts");
diff --git a/jstests/ssl/ssl_weak.js b/jstests/ssl/ssl_weak.js
index 5a239a6d13c..25e2e442549 100644
--- a/jstests/ssl/ssl_weak.js
+++ b/jstests/ssl/ssl_weak.js
@@ -1,22 +1,27 @@
// Test forcing certificate validation
// This tests that forcing certification validation will prohibit clients without certificates
// from connecting.
+ports = allocatePorts( 2 );
+
+var baseName = "jstests_ssl_ssl_weak";
+
// Test that connecting with no client certificate and --sslAllowConnectionsWithoutCertificates
// (an alias for sslWeakCertificateValidation) connects successfully.
-var md = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem",
- sslAllowConnectionsWithoutCertificates: ""});
+var md = startMongod( "--port", ports[0], "--dbpath", MongoRunner.dataPath + baseName + "1",
+ "--sslMode", "requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/server.pem",
+ "--sslCAFile", "jstests/libs/ca.pem",
+ "--sslAllowConnectionsWithoutCertificates");
-var mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates",
+var mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", "--sslAllowInvalidCertificates",
"--eval", ";");
// 0 is the exit code for success
assert(mongo==0);
// Test that connecting with a valid client certificate connects successfully.
-mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidCertificates",
+mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", "--sslAllowInvalidCertificates",
"--sslPEMKeyFile", "jstests/libs/client.pem",
"--eval", ";");
@@ -24,13 +29,14 @@ mongo = runMongoProgram("mongo", "--port", md.port, "--ssl", "--sslAllowInvalidC
assert(mongo==0);
-// Test that connecting with no client certificate and no --sslAllowConnectionsWithoutCertificates
-// fails to connect.
-var md2 = MongoRunner.runMongod({sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem"});
+// Test that connecting with no client certificate and no --sslWeakCertificateValidation fails to
+// connect.
+var md2 = startMongod( "--port", ports[1], "--dbpath", MongoRunner.dataPath + baseName + "2",
+ "--sslMode", "requireSSL",
+ "--sslPEMKeyFile", "jstests/libs/server.pem",
+ "--sslCAFile", "jstests/libs/ca.pem");
-mongo = runMongoProgram("mongo", "--port", md2.port, "--ssl", "--sslAllowInvalidCertificates",
+mongo = runMongoProgram("mongo", "--port", ports[1], "--ssl", "--sslAllowInvalidCertificates",
"--eval", ";");
// 1 is the exit code for failure
diff --git a/jstests/ssl/ssl_without_ca.js b/jstests/ssl/ssl_without_ca.js
index 87e69eed7e4..f70495f3961 100644
--- a/jstests/ssl/ssl_without_ca.js
+++ b/jstests/ssl/ssl_without_ca.js
@@ -1,3 +1,7 @@
+// Must turn these off so we don't have CA file supplied automatically.
+TestData.usex509 = false;
+TestData.useSSL = false;
+
var SERVER_CERT = "jstests/libs/server.pem";
var CLIENT_CERT = "jstests/libs/client.pem";
var CLIENT_USER = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client";
diff --git a/jstests/ssl/upgrade_to_ssl.js b/jstests/ssl/upgrade_to_ssl.js
index 802e99d9eeb..e43162246a2 100644
--- a/jstests/ssl/upgrade_to_ssl.js
+++ b/jstests/ssl/upgrade_to_ssl.js
@@ -7,14 +7,13 @@
* and therefore cannot test modes that do not allow ssl.
*/
+// If we are running in use-x509 passthrough mode, turn it off
+// since it is not necessary for this test.
+TestData.useX509 = false;
load("jstests/ssl/libs/ssl_helpers.js");
// "sslAllowInvalidCertificates" is enabled to avoid hostname conflicts with our testing certs
-var opts = {sslMode:"allowSSL",
- sslPEMKeyFile: SERVER_CERT,
- sslAllowInvalidCertificates: "",
- sslAllowConnectionsWithoutCertificates: "",
- sslCAFile: "jstests/libs/ca.pem"};
+opts = {sslMode:"allowSSL", sslPEMKeyFile: SERVER_CERT, sslAllowInvalidCertificates: ""};
var rst = new ReplSetTest({ name: 'sslSet', nodes: 3, nodeOptions : opts });
rst.startSet();
rst.initiate();
@@ -24,8 +23,7 @@ rstConn1.getDB("test").a.insert({a:1, str:"TESTTESTTEST"});
assert.eq(1, rstConn1.getDB("test").a.count(), "Error interacting with replSet");
print("===== UPGRADE allowSSL -> preferSSL =====");
-opts.sslMode = "preferSSL";
-rst.upgradeSet(opts);
+rst.upgradeSet({sslMode:"preferSSL", sslPEMKeyFile: SERVER_CERT, sslAllowInvalidCertificates: ""});
var rstConn2 = rst.getMaster();
rstConn2.getDB("test").a.insert({a:2, str:"CHECKCHECK"});
assert.eq(2, rstConn2.getDB("test").a.count(), "Error interacting with replSet");
@@ -35,8 +33,7 @@ var canConnectNoSSL = runMongoProgram("mongo", "--port", rst.ports[0], "--eval",
assert.eq(0, canConnectNoSSL, "non-SSL Connection attempt failed when it should succeed");
print("===== UPGRADE preferSSL -> requireSSL =====");
-opts.sslMode = "requireSSL";
-rst.upgradeSet(opts);
+rst.upgradeSet({sslMode:"requireSSL", sslPEMKeyFile: SERVER_CERT, sslAllowInvalidCertificates: ""});
var rstConn3 = rst.getMaster();
rstConn3.getDB("test").a.insert({a:3, str:"GREENEGGSANDHAM"});
assert.eq(3, rstConn3.getDB("test").a.count(), "Error interacting with replSet");
diff --git a/jstests/ssl/upgrade_to_x509_ssl.js b/jstests/ssl/upgrade_to_x509_ssl.js
index a7f8b571d29..c80cbf677aa 100644
--- a/jstests/ssl/upgrade_to_x509_ssl.js
+++ b/jstests/ssl/upgrade_to_x509_ssl.js
@@ -14,6 +14,9 @@ function authAllNodes() {
}
};
+// If we are running in use-x509 passthrough mode, turn it off
+// since it is not necessary for this test.
+TestData.useX509 = false;
load("jstests/ssl/libs/ssl_helpers.js");
opts = {sslMode:"allowSSL", sslPEMKeyFile: SERVER_CERT,
diff --git a/jstests/ssl/x509_client.js b/jstests/ssl/x509_client.js
index c2c15f7b567..c2329554e3f 100644
--- a/jstests/ssl/x509_client.js
+++ b/jstests/ssl/x509_client.js
@@ -1,9 +1,10 @@
+// If we are running in use-x509 passthrough mode, turn it off or else the auth
+// part of this test will not work correctly
+
+TestData.useX509 = false;
+
// Check if this build supports the authenticationMechanisms startup parameter.
-var conn = MongoRunner.runMongod({smallfiles: "",
- auth: "",
- sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem"});
+var conn = MongoRunner.runMongod({ smallfiles: "", auth: "" });
conn.getDB('admin').createUser({user: "root", pwd: "pass", roles: ["root"]});
conn.getDB('admin').auth("root", "pass");
var cmdOut = conn.getDB('admin').runCommand({getParameter: 1, authenticationMechanisms: 1})
@@ -49,16 +50,19 @@ function authAndTest(mongo) {
}
print("1. Testing x.509 auth to mongod");
-var x509_options = {sslMode : "requireSSL",
- sslPEMKeyFile : SERVER_CERT,
- sslCAFile : CA_CERT};
-
-var mongo = MongoRunner.runMongod(Object.merge(x509_options, {port: port, auth: ""}));
+var mongo = MongoRunner.runMongod({port : port,
+ sslMode : "requireSSL",
+ sslPEMKeyFile : SERVER_CERT,
+ sslCAFile : CA_CERT,
+ auth:""});
authAndTest(mongo);
-MongoRunner.stopMongod(port);
+stopMongod(port);
print("2. Testing x.509 auth to mongos");
+var x509_options = {sslMode : "requireSSL",
+ sslPEMKeyFile : SERVER_CERT,
+ sslCAFile : CA_CERT};
var st = new ShardingTest({ shards : 1,
mongos : 1,
@@ -66,7 +70,6 @@ var st = new ShardingTest({ shards : 1,
extraOptions : {"keyFile" : "jstests/libs/key1"},
configOptions : x509_options,
mongosOptions : x509_options,
- shardOptions : x509_options,
}});
authAndTest(new Mongo("localhost:" + st.s0.port))
diff --git a/jstests/sslSpecial/set_parameter_nossl.js b/jstests/sslSpecial/set_parameter_nossl.js
index 0b5e72dd4fb..825ce05fd8e 100644
--- a/jstests/sslSpecial/set_parameter_nossl.js
+++ b/jstests/sslSpecial/set_parameter_nossl.js
@@ -17,7 +17,7 @@ function testTransition(newSSLMode, newClusterAuthMode) {
var res = adminDB.runCommand({ "setParameter" : 1,
"clusterAuthMode" : newClusterAuthMode });
assert(!res["ok"]);
- MongoRunner.stopMongod(port);
+ stopMongod(port);
}
testTransition("allowSSL", "sendKeyFile");
diff --git a/jstests/sslSpecial/ssl_mixedmode.js b/jstests/sslSpecial/ssl_mixedmode.js
index 701c5ea10d7..8ed3c276b3a 100644
--- a/jstests/sslSpecial/ssl_mixedmode.js
+++ b/jstests/sslSpecial/ssl_mixedmode.js
@@ -44,7 +44,7 @@ function testCombination(sslMode, sslShell, shouldSucceed) {
assert.eq(1, mongo, "Connection attempt succeeded when it should fail sslMode:" +
sslMode + " SSL-shell:" + sslShell);
}
- MongoRunner.stopMongod(port);
+ stopMongod(port);
}
testCombination("disabled", false, true);