0
0
mirror of https://github.com/mongodb/mongo.git synced 2024-11-24 08:30:56 +01:00
mongodb/jstests/ssl/ssl_ca_options.js

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

68 lines
2.5 KiB
JavaScript
Raw Normal View History

import {CA_CERT, SERVER_CERT} from "jstests/ssl/libs/ssl_helpers.js";
// Neither tlsCAFile nor tlsUseSystemCA
var opts = {
tlsMode: "requireTLS",
tlsCertificateKeyFile: SERVER_CERT,
};
assert.throws(() => MongoRunner.runMongod(opts),
[],
"MongoD started successfully with neither tlsCAFile nor tlsUseSystemCA");
assert(rawMongoProgramOutput().includes(
"The use of TLS without specifying a chain of trust is no longer supported"));
clearRawMongoProgramOutput();
// Both tlsCAFile and tlsUseSystemCA
opts = {
tlsMode: "requireTLS",
tlsCertificateKeyFile: SERVER_CERT,
tlsCAFile: CA_CERT,
setParameter: {tlsUseSystemCA: true},
};
assert.throws(() => MongoRunner.runMongod(opts),
[],
"MongoD started successfully with both tlsCAFile and tlsUseSystemCA");
assert(rawMongoProgramOutput().includes(
"The use of both a CA File and the System Certificate store is not supported"));
clearRawMongoProgramOutput();
// Both tlsCAFile and tlsUseSystemCA, also tlsClusterCAFile (which is OK)
opts = {
tlsMode: "requireTLS",
tlsCertificateKeyFile: SERVER_CERT,
tlsCAFile: CA_CERT,
tlsClusterCAFile: CA_CERT,
setParameter: {tlsUseSystemCA: true},
};
assert.throws(() => MongoRunner.runMongod(opts),
[],
"MongoD started successfully with both tlsCAFile and tlsUseSystemCA");
assert(rawMongoProgramOutput().includes(
"The use of both a CA File and the System Certificate store is not supported"));
clearRawMongoProgramOutput();
// tlsClusterCAFile without tlsCAFile
opts = {
tlsMode: "requireTLS",
tlsCertificateKeyFile: SERVER_CERT,
tlsClusterCAFile: CA_CERT,
};
assert.throws(() => MongoRunner.runMongod(opts),
[],
"MongoD started successfully with tlsClusterCAFile without tlsCAFile");
assert(rawMongoProgramOutput().includes(
"Specifying a tlsClusterCAFile requires a tlsCAFile also be specified"));
clearRawMongoProgramOutput();
// tlsClusterCAFile without tlsCAFile, also tlsSystemCA (which is ignored in favor of former error)
opts = {
tlsMode: "requireTLS",
tlsCertificateKeyFile: SERVER_CERT,
tlsClusterCAFile: CA_CERT,
setParameter: {tlsUseSystemCA: true},
};
assert.throws(() => MongoRunner.runMongod(opts),
[],
"MongoD started successfully with tlsClusterCAFile without tlsCAFile");
assert(rawMongoProgramOutput().includes(
"Specifying a tlsClusterCAFile requires a tlsCAFile also be specified"));