1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
// Test setParameter tlsWithholdClientCertificate
(function() {
"use strict";
function testRS(opts, expectWarning) {
const rsOpts = {
nodes: {node0: opts, node1: opts},
};
const rs = new ReplSetTest(rsOpts);
rs.startSet();
rs.initiate();
rs.awaitReplication();
const test = rs.getPrimary().getDB('test');
test.foo.insert({bar: "baz"});
rs.awaitReplication();
function checkWarning(member) {
const observed =
/no SSL certificate provided by peer/.test(cat(member.fullOptions.logFile));
assert.eq(observed, expectWarning);
}
checkWarning(rs.getPrimary());
checkWarning(rs.getSecondary());
rs.stopSet();
}
const base_options = {
tlsMode: 'requireTLS',
tlsPEMKeyFile: 'jstests/libs/server.pem',
tlsCAFile: 'jstests/libs/ca.pem',
tlsAllowInvalidHostnames: '',
useLogFiles: true,
};
testRS(base_options, false);
const test_options = Object.extend({
tlsAllowConnectionsWithoutCertificates: '',
setParameter: 'tlsWithholdClientCertificate=true',
},
base_options);
testRS(test_options, true);
}());
|