-
Type: Task
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Labels:None
https://docs.mongodb.org/manual/reference/configuration-options/#net.ssl.mode
I am not completely sure whether I don't understand the following paragraph or if it should be the other way around:
If the client presents a certificate and the mongos or mongod has net.ssl.allowConnectionsWithoutCertificates enabled, the mongos or mongod will validate the certificate using the root certificate chain specified by CAFile and reject clients with invalid certificates.
I would have expected that if allowConnectionsWithoutCertificates is enabled it would accept connections without a valid certificate, and not the other way around. Or does this mean that if this is enabled and a certificate is given by the connection, then it has to be a valid certificate but connections without a certificate would be accepted as well?