Use Case

As a... mongosh user or developer
I want... to be able to specify a CRL file in the connection string
So that... I can keep connecting the way I have done before the 6.x driver was being used

User Impact

NODE-5376 removed the sslCRL connection string option without a replacement. crl=... could be used, but would expect the file content as part of the connection string rather than a filename.

Ideally, this option would match the other TLS options, and could be specified in a connection string parameter.

Dependencies

This is for mongosh --tlsCRLFile support.

If this option is not available as part of the 6.0.0 driver release, mongosh will need to manually read the file specified in --tlsCRLFile, and users who specified it in the connection string will need to adjust their code to use the command line option.

Unknowns

• Why isn't there a drivers spec option for this? Should there be one?
  • Some driver SSL implementations do not support supplying a CRL
• How do other drivers currently allow this to be set?
  • Python uses the same option, tlsCRLFile, php uses crl_file

Acceptance Criteria

Implementation Requirements

• Determine an option name that is as consistent as possible with other drivers
• Allow option to be passed in the URI & constructor to specify a crl file name
• Read file contents async

Testing Requirements

• Unit tests at a minimum
• Integration tests if possible

Documentation Requirements

• Update existing MongoDB manual docs
• Update the tls options API docs table
• Update 5.x api deprecation message for sslCrl to point to the new option

Follow Up Requirements

• N/A