Improve TLS error diagnostics

    • Type: Investigation
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Developer Tools

      Currently, TLS errors are hard to debug. We should invest time to investigate solutions that improve diagnostics:

      • We should be able to log the remote server's certificate. This may require changes to Node.js itself to allow reading the certificate (using .getPeerCertificate() or similar APIs) after a TLS error. Alternatively, we could re-connect with rejectUnauthorized: false and log the certificate, but still fail the connection once we have it, after NODE-6601.
      • We should provide some way for users to print their system certificate list. We've asked customers to provide this information manually, but being able to run mongosh with a command line flag to retrieve this data may be worth it.
      • ...?

              Assignee:
              Unassigned
              Reporter:
              Anna Henningsen
              Votes:
              0
              Watchers:
              2