Improve TLS error diagnostics

    • Type: Investigation
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Developer Tools

      Currently, TLS errors are hard to debug. We should invest time to investigate solutions that improve diagnostics:

      • We should be able to log the remote server's certificate. This may require changes to Node.js itself to allow reading the certificate (using .getPeerCertificate() or similar APIs) after a TLS error. Alternatively, we could re-connect with rejectUnauthorized: false and log the certificate, but still fail the connection once we have it, after NODE-6601.
      • We should provide some way for users to print their system certificate list. We've asked customers to provide this information manually, but being able to run mongosh with a command line flag to retrieve this data may be worth it.
      • ...?
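
The reconnect-and-log alternative from the first bullet, as an added example (not code from mongosh, Node.js or the issue's reporter). The names `summarizeChain` and `probePeerCertificate`, the timeout value and the sample certificate values are assumptions made for illustration.

```javascript
const net = require('net');
const tls = require('tls');

// Added example, not mongosh code. Flatten the object returned by
// socket.getPeerCertificate(true), leaf first. Each certificate links to its
// issuer through `issuerCertificate`; a self-signed root links to itself,
// so stop at a fingerprint that was already seen.
function summarizeChain(leaf) {
  const chain = [];
  const seen = new Set();
  let cert = leaf;
  while (cert && Object.keys(cert).length > 0 && !seen.has(cert.fingerprint256)) {
    seen.add(cert.fingerprint256);
    chain.push({
      subject: cert.subject && cert.subject.CN,
      issuer: cert.issuer && cert.issuer.CN,
      san: cert.subjectaltname,
      validFrom: cert.valid_from,
      validTo: cert.valid_to,
      sha256: cert.fingerprint256,
    });
    cert = cert.issuerCertificate;
  }
  return chain;
}

// Reconnect with verification off, read the chain, then destroy the socket
// before any application data is written. The caller logs the result and
// still rejects with the error from the original, verified attempt.
function probePeerCertificate(host, port, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const servername = net.isIP(host) ? undefined : host; // SNI must be a name
    const socket = tls.connect({ host, port, servername, rejectUnauthorized: false }, () => {
      const result = {
        verifyError: socket.authorizationError || null, // why verification failed
        chain: summarizeChain(socket.getPeerCertificate(true)),
      };
      socket.destroy();
      resolve(result);
    });
    socket.setTimeout(timeoutMs, () => socket.destroy(new Error('probe timed out')));
    socket.on('error', (err) => resolve({ probeError: err.code || err.message, chain: [] }));
  });
}
// Constructed sample shaped like getPeerCertificate(true) output (not real data).
const sampleRoot = { subject: { CN: 'Example Root CA' }, issuer: { CN: 'Example Root CA' }, fingerprint256: 'AA:01' };
sampleRoot.issuerCertificate = sampleRoot; // self-signed root points at itself
const sampleLeaf = { subject: { CN: 'db.example.test' }, issuer: { CN: 'Example Root CA' },
  subjectaltname: 'DNS:db.example.test', fingerprint256: 'BB:02', issuerCertificate: sampleRoot };
console.log(summarizeChain(sampleLeaf));
```

The probe result is for logging only; no credentials or commands should ever be sent over the unverified socket.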

            Assignee:
            Unassigned
            Reporter:
            Anna Henningsen