mongo/jstests/ssl/ssl_client_certificate_warning_suppression.js
Gabriel Marks 77d90a66d3 SERVER-99750 Use generated certificates in jstests (#46650)
GitOrigin-RevId: 303ffa3be9ec56f70a9ff9e38d4430fd0c927599
2026-01-28 18:44:45 +00:00


/**
* Tests the startup-only setParameter value suppressNoTLSPeerCertificateWarning which suppresses
* the log message "No SSL certificate provided by peer" when a client certificate is not provided.
* This only works if weak validation is enabled.
*
* This test confirms that the log message is not output when the setParameter is set to true,
* and is output when the setParameter is set to false.
*/
import {CA_CERT} from "jstests/ssl/libs/ssl_helpers.js";
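/**
 * Starts a TLS-only mongod that accepts clients without a certificate, connects once with a
 * certificate-less shell, and checks whether the "No SSL certificate provided by peer" warning
 * shows up in the captured program output.
 *
 * @param {boolean} suppress value passed as the startup setParameter
 *     suppressNoTLSPeerCertificateWarning. When true the warning must be absent from the output;
 *     when false it must be present.
 */
function test(suppress) {
    const opts = {
        tlsMode: "requireTLS",
        tlsCertificateKeyFile: getX509Path("server.pem"),
        tlsCAFile: getX509Path("ca.pem"),
        waitForConnect: false,
        // Clients may connect without presenting a certificate. With suppression enabled on top
        // of this, the server log no longer records that a peer connected without one.
        tlsAllowConnectionsWithoutCertificates: "",
        setParameter: {suppressNoTLSPeerCertificateWarning: suppress},
    };

    clearRawMongoProgramOutput();
    const mongod = MongoRunner.runMongod(opts);

    try {
        // waitForConnect is false, so retry the shell until the server accepts the connection.
        // No client certificate is passed here, which is what triggers the warning.
        assert.soon(() => {
            const exitCode = runMongoProgram(
                "mongo",
                "--tls",
                "--tlsAllowInvalidHostnames",
                "--tlsCAFile",
                CA_CERT,
                "--port",
                mongod.port,
                "--eval",
                "quit()",
            );
            return exitCode === 0;
        }, "mongo did not initialize properly");

        // Keep checking the log file until client metadata is logged since the SSL warning is
        // logged before it. The failure message is built lazily so that it carries the output as
        // it stands when the wait gives up, not as it stood before polling began.
        assert.soon(
            () => rawMongoProgramOutput(".*").includes("client metadata"),
            () =>
                "logfile should contain 'client metadata'.\n" +
                "Log File Contents\n==============================\n" +
                rawMongoProgramOutput(".*") +
                "\n==============================\n",
        );

        // Now check for the message. The character class is [Nn]; the earlier [N,n] also accepted
        // a literal comma in front of "o SSL certificate ...".
        const log = rawMongoProgramOutput(".*");
        const warningAbsent = log.match(/[Nn]o SSL certificate provided by peer/) === null;
        assert.eq(suppress, warningAbsent);
    } finally {
        // Stop the server even when an assertion above failed, so a failing run does not leave
        // a mongod behind.
        try {
            MongoRunner.stopMongod(mongod);
        } catch (e) {
            // Depending on timing, exitCode might be 0, 1, or -9.
            // All that matters is that it dies, resmoke will tell us if that failed.
            // So the exit-code error is deliberately ignored here.
        }
    }
}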
// Run the suppressed case first, then the unsuppressed one.
for (const suppress of [true, false]) {
    test(suppress);
}