[COMPASS-7140] Investigate changes in NODE-5549: Allow setting TLS CRL through connection string Created: 23/Aug/23  Updated: 01/Sep/23  Resolved: 01/Sep/23

Status: Closed
Project: Compass
Component/s: None
Affects Version/s: None
Fix Version/s: No version

Type: Investigation Priority: Major - P3
Reporter: PM Bot Assignee: Unassigned
Resolution: Done Votes: 0
Labels: node-driver
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on NODE-5549 Allow setting TLS CRL through connect... Closed
Documentation Changes: Not Needed

 Description   

Use Case

As a... mongosh user or developer
I want... to be able to specify a CRL file in the connection string
So that... I can keep connecting the way I have done before the 6.x driver was being used

User Impact

NODE-5376 removed the sslCRL connection string option without a replacement. crl=... could be used, but would expect the file content as part of the connection string rather than a filename.

Ideally, this option would match the other TLS options, and could be specified in a connection string parameter.

Dependencies

This is for mongosh --tlsCRLFile support.

If this option is not available as part of the 6.0.0 driver release, mongosh will need to manually read the file specified in --tlsCRLFile, and users who specified it in the connection string will need to adjust their code to use the command line option.

Unknowns

  • Why isn't there a drivers spec option for this? Should there be one?
    • Some driver SSL implementations do not support supplying a CRL
  • How do other drivers currently allow this to be set?
    • Python uses the same option, tlsCRLFile, php uses crl_file

Acceptance Criteria

Implementation Requirements

  • Determine an option name that is as consistent as possible with other drivers
  • Allow option to be passed in the URI & constructor to specify a crl file name
  • Read file contents async

Testing Requirements

  • Unit tests at a minimum
  • Integration tests if possible

Documentation Requirements

  • Update existing MongoDB manual docs
  • Update the tls options API docs table
  • Update 5.x api deprecation message for sslCrl to point to the new option

Follow Up Requirements

  • N/A


 Comments   
Comment by Rhys Howell [ 01/Sep/23 ]

No changes needed, this isn't exposed in Compass and we've already handled it as part of the 6.0 updates in mongosh.

Generated at Wed Feb 07 22:45:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.