As a note, it is possibly the case that enabling certificate validation in tests may only require some changes to the test script run-tests.sh on RHEL 6.2.
When enabling the test variant RHEL 6.2, TLS handshake failures occurred due to certificate validation failure: CDRIVER-3557. run-tests.sh attempts to copy the CA cert to /usr/local/share/ca-certificates here: https://github.com/mongodb/mongo-c-driver/blob/1.16.0/.evergreen/run-tests.sh/#L30-L39. That fails on RHEL 6.2 (example), but succeeds on other variants (Example).
Because of that, tests that were constructing a mongoc_client_t from the test URI without calling test_framework_set_ssl_opts were failing on RHEL 6.2, because they were not disabling certificate validation. Since those tests passed elsewhere, certificate validation was at least working on those tests on every other variant.
Another note: test_framework_get_uri_str includes "ssl=true" if any of the TLS test environment variables are set, but it sets no other TLS options. Perhaps we should rethink that, since it's very easy to think that constructing a client with test_framework_get_uri_str is equivalent to test_framework_client_new, and the only difference will be that it lacks some TLS options, but still enables TLS.
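The failure mode described above (the CA copy fails on one variant while tests elsewhere depend on it having succeeded) can be surfaced by the script itself instead of by TLS handshake errors. The following is an added example, not code from run-tests.sh or the mongo-c-driver project; install_ca_cert, ca_install_status and CA_INSTALLED are hypothetical names, and the target directories are passed in by the caller.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from run-tests.sh.

# install_ca_cert CERT DIR...
# Copies CERT into the first DIR that accepts it, prints that directory
# and returns 0. Returns 2 if CERT is unreadable, 1 if every copy fails,
# so the caller can stop instead of running TLS tests with an untrusted CA.
install_ca_cert() {
    cert=$1
    shift
    if [ ! -r "$cert" ]; then
        echo "CA cert not readable: $cert" >&2
        return 2
    fi
    for dir in "$@"; do
        # cp fails when the directory is missing or not writable.
        if cp "$cert" "$dir/" 2>/dev/null; then
            # Confirm the copy is byte-identical before reporting success.
            if cmp -s "$cert" "$dir/$(basename "$cert")"; then
                echo "$dir"
                return 0
            fi
        fi
    done
    echo "could not install $cert into any of: $*" >&2
    return 1
}

# ca_install_status CERT DIR...
# Prints CA_INSTALLED=1 or CA_INSTALLED=0. CA_INSTALLED is a hypothetical
# setting a test harness could read to choose between full certificate
# validation and explicitly relaxed validation, rather than guessing.
ca_install_status() {
    if install_ca_cert "$@" >/dev/null; then
        echo "CA_INSTALLED=1"
    else
        echo "CA_INSTALLED=0"
    fi
}
```

A script would call it with the directory named above, for example `ca_install_status ca.pem /usr/local/share/ca-certificates`, and treat `CA_INSTALLED=0` as a reason to fail the task or to require every test to set its TLS options explicitly.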