-
Type:
Investigation
-
Resolution: Unresolved
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
5
-
None
-
Developer Tools
Currently, TLS errors are hard to debug. We should invest time to investigate solutions that improve diagnostics:
- We should be able to log the remote server's certificate. This may require changes to Node.js itself to allow reading the certificate (using .getPeerCertificate() or similar APIs) after a TLS error. Alternatively, we could re-connect with rejectUnauthorized: false and log the certificate, but still fail the connection once we have it, after NODE-6601.
- We should provide some way for users to print their system certificate list. We've asked customers to provide this information manually, but being able to run mongosh with a command line flag to retrieve this data may be worth it.
- ...?
- depends on
-
NODE-6601 Remove dependence on runtime specific APIs
-
- Ready for Work
-
- is related to
-
COMPASS-9490 Improve TLS error diagnostics
-
- Backlog
-
- related to
-
COMPASS-8948 Retry OIDC connection without system certificates on TLS errors
-
- Closed
-
-
COMPASS-8619 Re-try connection without System Certificates in case of TLS errors
-
- Closed
-
-
-
- Closed
-