path: root/jstests/ssl/ssl_withhold_client_cert.js
// Test setParameter tlsWithholdClientCertificate

(function() {
    "use strict";

    /**
     * Starts a two-node replica set in which both nodes use `opts`, performs one replicated
     * write, and then asserts whether each member's log contains the
     * "no SSL certificate provided by peer" line.
     *
     * @param {Object} opts - mongod options applied to both node0 and node1.
     * @param {boolean} expectWarning - true if the log line must be present on both the
     *     primary and the secondary, false if it must be absent from both.
     */
    function testRS(opts, expectWarning) {
        const replSet = new ReplSetTest({
            nodes: {node0: opts, node1: opts},
        });
        replSet.startSet();
        replSet.initiate();
        replSet.awaitReplication();

        // Generate replication traffic between the two members before inspecting the logs.
        const testDB = replSet.getPrimary().getDB('test');
        testDB.foo.insert({bar: "baz"});
        replSet.awaitReplication();

        // The whole log file is scanned, so a match anywhere since startup counts; the check
        // does not attribute the line to a particular inbound connection.
        // NOTE(review): presumably this line is logged by the accepting node when the peer
        // completes the TLS handshake without presenting a client certificate - confirm.
        const warningPattern = /no SSL certificate provided by peer/;
        const assertWarningState = (member) => {
            const logText = cat(member.fullOptions.logFile);
            assert.eq(warningPattern.test(logText), expectWarning);
        };

        assertWarningState(replSet.getPrimary());
        assertWarningState(replSet.getSecondary());
        replSet.stopSet();
    }

    // Baseline: TLS is required and nothing withholds the client certificate, so the
    // warning must not appear in either member's log.
    // tlsAllowInvalidHostnames turns off hostname validation; that is acceptable only
    // because this is a test fixture using the certificates under jstests/libs.
    const baseOptions = {
        tlsMode: 'requireTLS',
        tlsCertificateKeyFile: 'jstests/libs/server.pem',
        tlsCAFile: 'jstests/libs/ca.pem',
        tlsAllowInvalidHostnames: '',
        useLogFiles: true,
    };
    testRS(baseOptions, false);

    // tls* spelling: withhold the client certificate on outbound connections. The nodes
    // must also accept certificate-less peers, hence
    // tlsAllowConnectionsWithoutCertificates; the warning is expected on both members.
    const withholdOverrides = {
        tlsAllowConnectionsWithoutCertificates: '',
        setParameter: 'tlsWithholdClientCertificate=true',
    };
    const tlsOptions = Object.extend(withholdOverrides, baseOptions);
    testRS(tlsOptions, true);

    // Deprecated ssl* spelling of the same two settings; it must behave identically.
    const deprecatedOverrides = {
        sslAllowConnectionsWithoutCertificates: '',
        setParameter: 'sslWithholdClientCertificate=true',
    };
    const deprecatedOptions = Object.extend(deprecatedOverrides, baseOptions);
    testRS(deprecatedOptions, true);
}());