- Type: Investigation
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Not Needed
Use Case
As a... mongosh user or developer
I want... to be able to specify a CRL file in the connection string
So that... I can keep connecting the way I did before the 6.x driver was in use
User Impact
NODE-5376 removed the sslCRL connection string option without a replacement. crl=... could be used instead, but it expects the file content as part of the connection string rather than a filename.
Ideally, this option would match the other TLS options, and could be specified in a connection string parameter.
Dependencies
This is for mongosh --tlsCRLFile support.
If this option is not available as part of the 6.0.0 driver release, mongosh will need to manually read the file specified in --tlsCRLFile, and users who specified it in the connection string will need to adjust their code to use the command line option.
Unknowns
- Why isn't there a drivers spec option for this? Should there be one?
  - Some driver SSL implementations do not support supplying a CRL
- How do other drivers currently allow this to be set?
  - Python uses the same option, tlsCRLFile; PHP uses crl_file
Acceptance Criteria
Implementation Requirements
- Determine an option name that is as consistent as possible with other drivers
- Allow the option to be passed in the URI and the constructor to specify a CRL file name
- Read the file contents asynchronously
Testing Requirements
- Unit tests at a minimum
- Integration tests if possible
Documentation Requirements
- Update existing MongoDB manual docs
- Update the tls options API docs table
- Update the 5.x API deprecation message for sslCrl to point to the new option
Follow Up Requirements
- N/A
- depends on: NODE-5549 Allow setting TLS CRL through connection string (Closed)