jstests/ssl/ssl_crl_revoked.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

// Test a revoked CRL -- ensure that a connection is not allowed.
// Note: crl_client_revoked.pem is a CRL with the client.pem certificate listed as revoked.
// This test should test that the user cannot connect with client.pem certificate.

var md = MongoRunner.runMongod({
    sslMode: "requireSSL",
    sslPEMKeyFile: "jstests/libs/server.pem",
    sslCAFile: "jstests/libs/ca.pem",
    sslCRLFile: "jstests/libs/crl_client_revoked.pem"
});

var mongo = runMongoProgram("mongo",
                            "--port",
                            md.port,
                            "--ssl",
                            "--sslAllowInvalidCertificates",
                            "--sslPEMKeyFile",
                            "jstests/libs/client_revoked.pem",
                            "--eval",
                            ";");

// 1 is the exit code for the shell failing to connect, which is what we want
// for a successful test.
assert(mongo == 1);