Diffstat (limited to 'jstests/ssl')
-rw-r--r-- | jstests/ssl/ssl_withhold_client_cert.js | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_withhold_client_cert.js b/jstests/ssl/ssl_withhold_client_cert.js
new file mode 100644
index 00000000000..3839e5d6aef
--- /dev/null
+++ b/jstests/ssl/ssl_withhold_client_cert.js
@@ -0,0 +1,45 @@
+// Test setParameter tlsWithholdClientCertificate
+
+(function() {
+ "use strict";
+
+ function testRS(opts, expectWarning) {
+ const rsOpts = {
+ nodes: {node0: opts, node1: opts},
+ };
+ const rs = new ReplSetTest(rsOpts);
+ rs.startSet();
+ rs.initiate();
+ rs.awaitReplication();
+
+ const test = rs.getPrimary().getDB('test');
+ test.foo.insert({bar: "baz"});
+ rs.awaitReplication();
+
+ function checkWarning(member) {
+ const observed =
+ /no SSL certificate provided by peer/.test(cat(member.fullOptions.logFile));
+ assert.eq(observed, expectWarning);
+ }
+ checkWarning(rs.getPrimary());
+ checkWarning(rs.getSecondary());
+ rs.stopSet();
+ }
+
+ const base_options = {
+ tlsMode: 'requireTLS',
+ tlsPEMKeyFile: 'jstests/libs/server.pem',
+ tlsCAFile: 'jstests/libs/ca.pem',
+ tlsAllowInvalidHostnames: '',
+ useLogFiles: true,
+ };
+ testRS(base_options, false);
+
+ const test_options = Object.extend({
+ tlsAllowConnectionsWithoutCertificates: '',
+ setParameter: 'tlsWithholdClientCertificate=true',
+ },
+ base_options);
+
+ testRS(test_options, true);
+}()); |
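Review bot: The control run and the withholding run differ in two settings, so the assertion in `checkWarning` cannot attribute the "no SSL certificate provided by peer" line to `tlsWithholdClientCertificate` alone. `test_options` adds both `tlsAllowConnectionsWithoutCertificates` and the setParameter on top of `base_options`. A third run that enables only the former and expects no warning would isolate the parameter, e.g. `testRS(Object.extend({tlsAllowConnectionsWithoutCertificates: ''}, base_options), false);`. Separately, `assert.eq(observed, expectWarning)` carries no message, so a failure does not say which member's log was checked; something like `assert.eq(observed, expectWarning, 'peer-certificate warning mismatch in ' + member.fullOptions.logFile)` would make triage easier.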