summaryrefslogtreecommitdiff
path: root/jstests/ssl/ssl_intermediate_ca.js
diff options
context:
space:
mode:
Diffstat (limited to 'jstests/ssl/ssl_intermediate_ca.js')
-rw-r--r--jstests/ssl/ssl_intermediate_ca.js37
1 files changed, 37 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_intermediate_ca.js b/jstests/ssl/ssl_intermediate_ca.js
new file mode 100644
index 00000000000..838f43bcb30
--- /dev/null
+++ b/jstests/ssl/ssl_intermediate_ca.js
@@ -0,0 +1,37 @@
+// Test that including intermediate certificates
+// in the certificate key file will be sent to the remote.
+
+(function() {
+ 'use strict';
+
+ load('jstests/ssl/libs/ssl_helpers.js');
+
+ if (determineSSLProvider() === 'windows') {
+ // FIXME: SERVER-39574
+ print("Skipping test with windows SChannel pending SERVER-39574");
+ return;
+ }
+
+ // server-intermediate-ca was signed by ca.pem, not trusted-ca.pem
+ const VALID_CA = 'jstests/libs/ca.pem';
+ const INVALID_CA = 'jstests/libs/trusted-ca.pem';
+
+ function runTest(inbound, outbound) {
+ const mongod = MongoRunner.runMongod({
+ sslMode: 'requireSSL',
+ sslAllowConnectionsWithoutCertificates: '',
+ sslPEMKeyFile: 'jstests/libs/server-intermediate-ca.pem',
+ sslCAFile: outbound,
+ sslClusterCAFile: inbound,
+ });
+ assert(mongod);
+ assert.eq(mongod.getDB('admin').system.users.find({}).toArray(), []);
+ MongoRunner.stopMongod(mongod);
+ }
+
+ // Normal mode, we have a valid CA being presented for outbound and inbound.
+ runTest(VALID_CA, VALID_CA);
+
+ // Alternate CA mode, only the inbound CA is valid.
+ runTest(VALID_CA, INVALID_CA);
+})();
View Lorry Controller Status