- Type: Investigation
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: None
- 5
- Developer Tools

Currently, TLS errors are hard to debug. We should invest time to investigate solutions that improve diagnostics:
- We should be able to log the remote server's certificate. This may require changes to Node.js itself to allow reading the certificate (using .getPeerCertificate() or similar APIs) after a TLS error. Alternatively, we could re-connect with rejectUnauthorized: false and log the certificate, but still fail the connection once we have it, after NODE-6601.
- We should provide some way for users to print their system certificate list. We've asked customers to provide this information manually, but being able to run mongosh with a command line flag to retrieve this data may be worth it.
- ...?
- depends on
  - NODE-6601 Expose pluggable interface for I/O functions (Backlog)
- related to
  - COMPASS-8619 Re-try connection without System Certificates in case of TLS errors (Closed)
  - MONGOSH-1935 Re-try connection without System Certificates in case of TLS errors (Closed)
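
The reconnect-and-log option from the first bullet of the description, as an added example (not mongosh, Compass or Node.js driver code): a second handshake with rejectUnauthorized: false reads the peer chain, the socket is destroyed without sending data, and the original error is still returned. The function names `summarizeChain`, `probePeerCertificate` and `annotateTlsError`, and the `peerCertificate` / `peerCertificateProbeError` properties, are hypothetical.

```javascript
const net = require('node:net');
const tls = require('node:tls');

// Reduce the object from tlsSocket.getPeerCertificate(true) to loggable fields,
// walking issuerCertificate links; a self-signed root links back to itself.
function summarizeChain(cert) {
  const chain = [];
  const seen = new Set();
  while (cert && cert.fingerprint256 && !seen.has(cert.fingerprint256)) {
    seen.add(cert.fingerprint256);
    chain.push({
      subject: cert.subject && cert.subject.CN,
      issuer: cert.issuer && cert.issuer.CN,
      validFrom: cert.valid_from,
      validTo: cert.valid_to,
      fingerprint256: cert.fingerprint256,
    });
    cert = cert.issuerCertificate;
  }
  return chain;
}

// Diagnostic-only handshake: verification is off, so nothing is written to the
// socket and it is destroyed as soon as the certificate has been read.
function probePeerCertificate(host, port, timeoutMs = 5000) {
  return new Promise((resolve, reject) => {
    const servername = net.isIP(host) ? undefined : host; // SNI must not be an IP
    const opts = { host, port, servername, rejectUnauthorized: false };
    const socket = tls.connect(opts, () => {
      const chain = summarizeChain(socket.getPeerCertificate(true));
      const authorizationError = socket.authorizationError; // why verification failed
      socket.destroy();
      resolve({ authorizationError, chain });
    });
    socket.setTimeout(timeoutMs, () => socket.destroy(new Error('probe timed out')));
    socket.on('error', reject);
  });
}

// Attach the probe result to the original TLS error and hand that same error
// back, so the caller still fails the connection. `probe` is injectable.
async function annotateTlsError(originalError, host, port, probe = probePeerCertificate) {
  try {
    originalError.peerCertificate = await probe(host, port);
  } catch (probeError) {
    originalError.peerCertificateProbeError = probeError.message;
  }
  return originalError;
}
```

The probe result is only for logging; the unverified socket must never be reused for the real connection.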