path: root/jstests/ssl/ssl_invalid_server_cert.js
// Test that mongod refuses to start when its SSL/TLS certificate key file settings are invalid.

(function() {
'use strict';

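/**
 * Starts mongod with `config` and asserts that startup is refused for the expected reason.
 *
 * The case passes only if no server handle is obtained AND the captured program output
 * contains `expect`, so a server that fails for an unrelated reason does not count as a pass.
 *
 * @param {string} name - Label written to the test log.
 * @param {Object} config - Options handed to MongoRunner.runMongod().
 * @param {string} expect - Substring that must appear in the captured program output.
 */
function runTest(name, config, expect) {
    jsTest.log('Running test: ' + name);
    // Start from an empty capture buffer so the substring check below only sees this case.
    clearRawMongoProgramOutput();

    let mongod = null;
    let err = null;
    try {
        mongod = MongoRunner.runMongod(config);
    } catch (e) {
        // A startup failure is the expected outcome; keep the error for diagnostics only.
        err = e;
    }

    try {
        if (mongod != null) {
            // The server accepted a configuration it should have rejected. Stop it so a
            // process running with a bad certificate does not outlive the failed test.
            MongoRunner.stopMongod(mongod);
        }
    } finally {
        // Raised from `finally` so this message is reported even if the shutdown itself fails.
        assert.eq(null, mongod, 'Mongod started unexpectedly');
    }

    const output = rawMongoProgramOutput();
    let failureMessage = "Server failure message did not include '" + expect + "'";
    if (err !== null) {
        // Surface the swallowed startup error to make a wrong-reason failure easier to triage.
        failureMessage += '; runMongod threw: ' + err;
    }
    assert.eq(true, output.includes(expect), failureMessage);
}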

// Startup error text expected for a certificate outside its validity window.
const validityMessage = 'The provided SSL certificate is expired or not yet valid';
// Startup error text expected when TLS is required but no certificate is configured.
const needKeyFile = 'need tlsCertificateKeyFile or certificateSelector when TLS is enabled';

// Each case names a mongod configuration that must be rejected at startup and the
// message that must explain the rejection. Cases run in the order listed.
const startupFailureCases = [
    {
        // Certificate that has yet to become valid.
        name: 'not-yet-valid',
        config: {
            tlsMode: 'requireTLS',
            tlsCertificateKeyFile: 'jstests/libs/not_yet_valid.pem',
            tlsCAFile: 'jstests/libs/ca.pem',
        },
        expect: validityMessage,
    },
    {
        // Expired certificate.
        name: 'expired',
        config: {
            tlsMode: 'requireTLS',
            tlsCertificateKeyFile: 'jstests/libs/expired.pem',
            tlsCAFile: 'jstests/libs/ca.pem',
        },
        expect: validityMessage,
    },
    {
        // No certificate at all.
        name: 'no-key-file',
        config: {tlsMode: 'requireTLS'},
        expect: needKeyFile,
    },
];

startupFailureCases.forEach(function(testCase) {
    runTest(testCase.name, testCase.config, testCase.expect);
});
})();