C Driver / CDRIVER-3379

Remove x509 tests against ldaptest.10gen.cc

    • Type: Task
    • Resolution: Gone away
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Build, Testing
    • Labels: None

      The C driver evergreen project tests auth with x509 against ldaptest.10gen.cc, using certificates referenced in this wiki page
      https://wiki.corp.mongodb.com/display/DRIVERS/Testing+x.509.

      AFAIK no other drivers are testing x509 auth against ldaptest, but our auth tests are failing on rhel80 due to the weak crypto in those certs.

      Copying from Roberto Sanchez's comment in CDRIVER-2940, the authentication task connects like so:

      [2019/09/23 22:47:21.881] + echo 'Authenticating using X.509'
      [2019/09/23 22:47:21.881] + ./src/libmongoc/mongoc-ping 'mongodb://CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US@ldaptest.10gen.cc/?ssl=true&authMechanism=MONGODB-X509&sslClientCertificateKeyFile=src/libmongoc/tests/x509gen/legacy-x509.pem&sslCertificateAuthorityFile=src/libmongoc/tests/x509gen/legacy-ca.crt&sslAllowInvalidHostnames=true&connectTimeoutMS=30000&serverSelectionTryOnce=false'
      [2019/09/23 22:47:51.438] Ping failure: No suitable servers found: `serverselectiontimeoutms` timed out: [TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed calling ismaster on 'ldaptest.10gen.cc:27017']
      [2019/09/23 22:47:51.439] OpenSSL 1.1.1 FIPS 11 Sep 2018
      Authenticating using X.509
      [2019/09/23 22:47:51.439] Command failed: command encountered problem: exit status 3

      There is a long-open BUILD ticket to regenerate those certs here in BUILD-2782. But I believe testing x509 against ldaptest.10gen.cc does not give us additional coverage. We test x509 as part of our normal auth tests (our orchestration files use the certs referenced in DRIVERS-575, which all other drivers use).

      Let's verify that testing against ldaptest.10gen.cc really does not give us any benefit, and then remove those tests.
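
A triage helper for the log excerpt quoted above, added here as an example and not part of the ticket or the C driver. It decodes the OpenSSL 1.1.x error code from the log and reads the TLS options from the connection string; the sample log is constructed from the quoted lines with the URI shortened, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: lines from the task log quoted above, URI shortened.
SAMPLE_LOG = """\
[2019/09/23 22:47:21.881] + ./src/libmongoc/mongoc-ping 'mongodb://CN=client@ldaptest.10gen.cc/?ssl=true&authMechanism=MONGODB-X509&sslAllowInvalidHostnames=true'
[2019/09/23 22:47:51.438] Ping failure: No suitable servers found: `serverselectiontimeoutms` timed out: [TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed calling ismaster on 'ldaptest.10gen.cc:27017']
[2019/09/23 22:47:51.439] OpenSSL 1.1.1 FIPS 11 Sep 2018
"""

ERR_LIB_SSL = 20                       # OpenSSL library number for libssl
SSL_R_CERTIFICATE_VERIFY_FAILED = 134  # libssl reason code

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+?) calling ")
URI_RE = re.compile(r"'(mongodb://[^']+)'")
VER_RE = re.compile(r"\] (OpenSSL \S+)")


def decode_error(code_hex):
    """Unpack an OpenSSL 1.1.x error code: 8-bit lib, 12-bit func, 12-bit reason."""
    e = int(code_hex, 16)
    return {"lib": (e >> 24) & 0xFF, "func": (e >> 12) & 0xFFF, "reason": e & 0xFFF}


def uri_options(uri):
    """Return the connection-string options with lower-cased keys."""
    return {k.lower(): v[-1] for k, v in parse_qs(uri.partition("?")[2]).items()}


def triage(log):
    """Summarise a failed X.509 ping: OpenSSL build, decoded error, TLS options."""
    out = {"openssl": None, "error": None, "options": {}, "cert_rejected": False}
    for line in log.splitlines():
        if m := URI_RE.search(line):
            out["options"] = uri_options(m.group(1))
        if m := VER_RE.search(line):
            out["openssl"] = m.group(1)
        if m := ERR_RE.search(line):
            err = decode_error(m.group(1))
            err.update(routine=m.group(3), text=m.group(4))
            out["error"] = err
            out["cert_rejected"] = (err["lib"] == ERR_LIB_SSL and
                                    err["reason"] == SSL_R_CERTIFICATE_VERIFY_FAILED)
    # With hostname checks disabled, a rejection points at the chain itself.
    out["hostname_check_disabled"] = (
        out["options"].get("sslallowinvalidhostnames") == "true")
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
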

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0
            Watchers:
            1
