[SERVER-79414] Improve SSL suite of jstests
Created: 27/Jul/23
Updated: 07/Feb/24

Status: Open
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Minor - P4
Reporter: Brad Moore
Assignee: Brad Moore
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-84397 Use proper SSL options in tests Closed
Assigned Teams:
Server Security
Sprint: Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18, Security 2023-10-02, Security 2023-12-11, Security 2023-12-25, Security 2024-01-08, Security 2024-03-04
Participants:

Description

There are issues with the SSL suite of tests that don't directly cause issues with MongoDB but will continue to cost engineer hours when they are dealt with.

  1. ca.pem is generally used as the default trusted CA... except sometimes trusted-ca.pem is used. But even in the latter case, suites.yml specifies ca.yml and the associated client.pem, meaning the shell running the tests may not connect correctly, etc.
  2. Windows tests use certutil.exe to add certs to the system store and then never remove them. This persistence can cause unexpected behavior locally, and requires slowing down Evergreen builds by using resmoke_jobs_max: 1 in definitions.yaml to prevent tests from running concurrently.
  3. Options referencing SSL are widely used when TLS aliases should be used.
  4. Logging styles are all over the place, even within just this single SSL suite.

Notes:

certutil.exe -delstore will be useful; it takes a thumbprint as input, and thumbprints are in the jstests/libs dir.

