Description
It is possible to connect to a mongod (and probably mongos) whose sslPEMKeyFile is in the client's CRL if the client doesn't specify sslCAFile. I would expect that the client not be able to connect, and a message would be displayed similar to the one that displays if you do specify sslCAFile. Interestingly, if you try to do this in reverse (don't specify sslCAFile on the server but give it a CRL), mongod displays:
Error storing command line: BadValue need sslCAFile with sslCRLFile
|
This behavior should be part of client programs, too.