Details
-
Improvement
-
Resolution: Done
-
Major - P3
-
None
-
None
Description
When I completed TOOLS-1142, I didn't think that documentation was needed, but now I realize that there are a couple of changes that should be made.
In the old functionality, if one didn't supply a --sslCAFile flag, we didn't validate certificates. So that the absence of --sslCAFile was treated like the presence of --sslAllowInvalidCertificates. There is a warning to this effect. The warning is now out of date, and should be updated to reflect that this only occurred in 3.0 and 3.2.
In the new functionality, if one don't specify a --sslCAFile, we load the system CA file. This means that we probably want to reword the documentation of --sslCAFile to indicate that proving a CA File causes the certs to be validated against the provided CA file instead of being validated against the system CA file.
Attachments
Issue Links
- is related to
-
TOOLS-1621 mongodump 3.4 attempts to validate the server's cert if the sslCAFile option is not used
-
- Closed
-