jstests/ssl/x509_startup_warning.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

// Test for startuo warning when X509 auth and sslAllowInvalidCertificates are enabled

(function() {
    'use strict';

    function runTest(opts, expectWarning) {
        clearRawMongoProgramOutput();
        const mongod = MongoRunner.runMongod(Object.assign({
            auth: '',
            sslMode: 'requireSSL',
            sslPEMKeyFile: 'jstests/libs/server.pem',
            sslCAFile: 'jstests/libs/ca.pem',
        },
                                                           opts));
        assert.eq(expectWarning,
                  rawMongoProgramOutput().includes(
                      'WARNING: While invalid X509 certificates may be used'));
        MongoRunner.stopMongod(mongod);
    }

    // Don't expect a warning when we're not using both options together.
    runTest({}, false);
    runTest({sslAllowInvalidCertificates: '', setParameter: 'authenticationMechanisms=SCRAM-SHA-1'},
            false);
    runTest({setParameter: 'authenticationMechanisms=MONGODB-X509'}, false);
    runTest({clusterAuthMode: 'x509'}, false);

    // Do expect a warning when we're combining options.
    runTest(
        {sslAllowInvalidCertificates: '', setParameter: 'authenticationMechanisms=MONGODB-X509'},
        true);
    runTest({sslAllowInvalidCertificates: '', clusterAuthMode: 'x509'}, true);
})();