Priority: Major - P3
Resolution: Works as Designed
Affects Version/s: 3.4.0
Fix Version/s: None
It was noticed that mongodump that is shipped with MongoDB v3.4 (tested 3.4.0 and 3.4.2) attempts to validate the server's certificate if --sslCAFile option is not used:
For comparison, mongodump that comes with MongoDB 3.2 works just fine:
To clarify, the documentation for both MongoDB 3.2 and 3.4 does say that without --sslCAFile mongodump will not attempt to validate the server's certificate:
For SSL connections (--ssl) to mongod and mongos, if the mongodump runs without the --sslCAFile, mongodump will not attempt to validate the server certificates.
From that mongodump v3.4 does not behave correctly. Should this change in behaviour be expected, that needs to be reflected in the documentation. If that case please move the ticket into the DOCS project.
The workaround is to either specify a proper CA file with
-sslCAFile or disable certificate validation explicitly with -sslAllowInvalidCertificates.