|
To give some more context on this, we do actually have tests of this for the server: https://github.com/mongodb/mongo/blob/master/jstests/ssl/ssl_cert_password.js#L13
There's a comment there, that says "connects a mongo shell", which may make it seem like the options are passed to the shell as well, but that is not the case here.
The "runMongod" javascript test helper and similar test helpers do the following things:
- Fork a new process (in this case "mongod")
- Make a new connection to the new process, hard coded to connect via localhost (by calling new Mongo("127.0.0.1:" + newPort))
- Return this new connection object
Note that at no point is the "mongo" process forked. What this means is that the connection object is made in the context of the mongo shell that was used to run the test in the first place. This means that if you start a mongo shell with no ssl options, and try to use "runMongod" to create a mongod that only allows ssl connection, a connection cannot be established and an exception will be thrown.
What this means in our test framework is that "--use-ssl" should be passed to "buildscripts/smoke.py" whenever it is used to run javascript tests that are testing ssl connections. This will cause smoke.py to spawn the mongo shell that is uses to run the test with ssl options: https://github.com/mongodb/mongo/blob/master/buildscripts/smoke.py#L453
Note that a few of the SSL options are actually passed to the shell at this point, so only the following are not tested at all on the client side:
--sslPEMKeyPassword arg
|
--sslCRLFile arg
|
--sslFIPSMode
|
None of these options are currently tested for the tools. Part of the reason for this is that the helpers used to spawn tool instances from the jstests do not check the "passthrough" configuration: https://jira.mongodb.org/browse/SERVER-12919
|