import {CA_CERT, SERVER_CERT} from "jstests/ssl/libs/ssl_helpers.js";
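// Case: TLS is required but no trust anchor is configured (neither tlsCAFile nor
// tlsUseSystemCA). mongod is expected to refuse to start.
// `opts` is declared with `var` here and reassigned by the later cases in this file.
var opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
};
assert.throws(() => MongoRunner.runMongod(opts),
              [],
              "MongoD started successfully with neither tlsCAFile nor tlsUseSystemCA");
// A failed start alone does not show why startup was refused, so also require the specific
// rejection message in the captured program output. The second argument names the missing
// message so a failure here is attributable without re-running the test.
assert(rawMongoProgramOutput(".*").includes(
           "The use of TLS without specifying a chain of trust is no longer supported"),
       "mongod output is missing the expected 'no chain of trust' startup error");
// Drop the captured output so the next case's check cannot be satisfied by this case's log.
clearRawMongoProgramOutput();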
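// Case: two conflicting trust sources are configured at once, an explicit tlsCAFile and
// the tlsUseSystemCA server parameter. mongod is expected to refuse to start.
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsCAFile: CA_CERT,
    setParameter: {tlsUseSystemCA: true},
};
assert.throws(() => MongoRunner.runMongod(opts),
              [],
              "MongoD started successfully with both tlsCAFile and tlsUseSystemCA");
// Require the specific rejection message, not just a failed start; the second argument makes
// a missing message show up as a readable failure instead of a bare "assert failed".
assert(rawMongoProgramOutput(".*").includes(
           "The use of both a CA File and the System Certificate store is not supported"),
       "mongod output is missing the expected 'CA File and System Certificate store' error");
// The next case in this file expects the same message, so the captured output has to be
// dropped here or that check could pass on this case's log.
clearRawMongoProgramOutput();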
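// Case: tlsCAFile and tlsUseSystemCA together, with tlsClusterCAFile added. The cluster CA
// file is acceptable on its own terms (tlsCAFile is present), so the expected rejection is
// still the tlsCAFile / system-store conflict.
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsCAFile: CA_CERT,
    tlsClusterCAFile: CA_CERT,
    setParameter: {tlsUseSystemCA: true},
};
// The failure text mentions tlsClusterCAFile so it can be told apart from the case that
// sets only tlsCAFile and tlsUseSystemCA.
assert.throws(
    () => MongoRunner.runMongod(opts),
    [],
    "MongoD started successfully with both tlsCAFile and tlsUseSystemCA (tlsClusterCAFile also set)");
// Require the specific rejection message, not just a failed start.
assert(rawMongoProgramOutput(".*").includes(
           "The use of both a CA File and the System Certificate store is not supported"),
       "mongod output is missing the expected 'CA File and System Certificate store' error " +
           "(tlsClusterCAFile also set)");
// Drop the captured output so the next case's check cannot be satisfied by this case's log.
clearRawMongoProgramOutput();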
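// Case: tlsClusterCAFile is set but tlsCAFile is not. mongod is expected to refuse to start
// because the cluster CA file requires tlsCAFile as well.
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsClusterCAFile: CA_CERT,
};
assert.throws(() => MongoRunner.runMongod(opts),
              [],
              "MongoD started successfully with tlsClusterCAFile without tlsCAFile");
// Require the specific rejection message, not just a failed start; the second argument makes
// a missing message show up as a readable failure instead of a bare "assert failed".
assert(rawMongoProgramOutput(".*").includes(
           "Specifying a tlsClusterCAFile requires a tlsCAFile also be specified"),
       "mongod output is missing the expected 'tlsClusterCAFile requires a tlsCAFile' error");
// The next case in this file expects the same message, so the captured output has to be
// dropped here or that check could pass on this case's log.
clearRawMongoProgramOutput();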
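// Case: tlsClusterCAFile without tlsCAFile, with tlsUseSystemCA also set. The expected
// rejection is still the missing-tlsCAFile error; setting tlsUseSystemCA does not change
// which error is reported.
opts = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: SERVER_CERT,
    tlsClusterCAFile: CA_CERT,
    setParameter: {tlsUseSystemCA: true},
};
// The failure text mentions tlsUseSystemCA so it can be told apart from the case that sets
// tlsClusterCAFile alone.
assert.throws(
    () => MongoRunner.runMongod(opts),
    [],
    "MongoD started successfully with tlsClusterCAFile and tlsUseSystemCA but without tlsCAFile");
// Require the specific rejection message, not just a failed start.
assert(rawMongoProgramOutput(".*").includes(
           "Specifying a tlsClusterCAFile requires a tlsCAFile also be specified"),
       "mongod output is missing the expected 'tlsClusterCAFile requires a tlsCAFile' error " +
           "(tlsUseSystemCA also set)");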