38 lines
1.2 KiB
JavaScript
38 lines
1.2 KiB
JavaScript
// Test that including intermediate certificates
|
|
// in the certificate key file will be sent to the remote.
|
|
|
|
(function() {
|
|
'use strict';
|
|
|
|
load('jstests/ssl/libs/ssl_helpers.js');
|
|
|
|
if (determineSSLProvider() === 'windows') {
|
|
// FIXME: SERVER-39574
|
|
print("Skipping test with windows SChannel pending SERVER-39574");
|
|
return;
|
|
}
|
|
|
|
// server-intermediate-ca was signed by ca.pem, not trusted-ca.pem
|
|
const VALID_CA = 'jstests/libs/ca.pem';
|
|
const INVALID_CA = 'jstests/libs/trusted-ca.pem';
|
|
|
|
function runTest(inbound, outbound) {
|
|
const mongod = MongoRunner.runMongod({
|
|
sslMode: 'requireSSL',
|
|
sslAllowConnectionsWithoutCertificates: '',
|
|
sslPEMKeyFile: 'jstests/libs/server-intermediate-ca.pem',
|
|
sslCAFile: outbound,
|
|
sslClusterCAFile: inbound,
|
|
});
|
|
assert(mongod);
|
|
assert.eq(mongod.getDB('admin').system.users.find({}).toArray(), []);
|
|
MongoRunner.stopMongod(mongod);
|
|
}
|
|
|
|
// Normal mode, we have a valid CA being presented for outbound and inbound.
|
|
runTest(VALID_CA, VALID_CA);
|
|
|
|
// Alternate CA mode, only the inbound CA is valid.
|
|
runTest(VALID_CA, INVALID_CA);
|
|
})();
|