COMPASS-7140

Investigate changes in NODE-5549: Allow setting TLS CRL through connection string

    • Type: Investigation
    • Resolution: Done
    • Priority: Major - P3
    • No version
    • Affects Version/s: None
    • Component/s: None
    • Not Needed

      Use Case

      As a... mongosh user or developer
      I want... to be able to specify a CRL file in the connection string
      So that... I can keep connecting the way I did before the 6.x driver was used

      User Impact

      NODE-5376 removed the sslCRL connection string option without a replacement. crl=... could be used, but it expects the file content as part of the connection string rather than a filename.

      Ideally, this option would match the other TLS options, and could be specified in a connection string parameter.

      Dependencies

      This is for mongosh --tlsCRLFile support.

      If this option is not available as part of the 6.0.0 driver release, mongosh will need to manually read the file specified in --tlsCRLFile, and users who specified it in the connection string will need to adjust their code to use the command line option.
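The manual fallback described above, as an added example that is not code from mongosh or the driver: it takes tlsCRLFile out of the connection string, reads the file asynchronously, and returns the contents under the `crl` option the ticket mentions. The helper names `splitCrlFile` and `resolveCrl` are hypothetical, and any read or format error is thrown so that a connection is never attempted with revocation checking silently dropped.

```javascript
// Added example. tlsCRLFile and crl are the option names used in the ticket;
// splitCrlFile and resolveCrl are hypothetical helper names.

// Remove tlsCRLFile from the query string and return its decoded value.
// Option names are matched case-insensitively; every other parameter and the
// host list are passed through byte for byte, so multi-host URIs are safe.
function splitCrlFile(uri) {
  const q = uri.indexOf('?');
  if (q === -1) return { uri, crlFile: null };
  let crlFile = null;
  const kept = [];
  for (const pair of uri.slice(q + 1).split('&')) {
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    if (key.toLowerCase() !== 'tlscrlfile') { kept.push(pair); continue; }
    const value = decodeURIComponent(eq === -1 ? '' : pair.slice(eq + 1));
    if (value === '') throw new Error('tlsCRLFile has no value');
    if (crlFile !== null && crlFile !== value) {
      throw new Error('conflicting tlsCRLFile values in connection string');
    }
    crlFile = value;
  }
  const query = kept.length ? '?' + kept.join('&') : '';
  return { uri: uri.slice(0, q) + query, crlFile };
}

// Read the CRL file asynchronously and merge its contents into the options.
// Fails closed: an unreadable or non-PEM file rejects instead of returning
// options without a CRL.
async function resolveCrl(uri, options = {}) {
  const { uri: cleaned, crlFile } = splitCrlFile(uri);
  if (crlFile === null) return { uri: cleaned, options };
  const { readFile } = await import('node:fs/promises');
  const crl = await readFile(crlFile, 'utf8');
  if (!crl.includes('-----BEGIN X509 CRL-----')) {
    throw new Error(`${crlFile} does not contain a PEM-encoded CRL`);
  }
  return { uri: cleaned, options: { ...options, crl } };
}
```

The returned `uri` and `options` are what a caller would hand to the client constructor; the path in the test input is constructed.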

      Unknowns

      • Why isn't there a drivers spec option for this? Should there be one?
        • Some driver SSL implementations do not support supplying a CRL
      • How do other drivers currently allow this to be set?
        • Python uses the same option, tlsCRLFile; PHP uses crl_file

      Acceptance Criteria

      Implementation Requirements

      • Determine an option name that is as consistent as possible with other drivers
      • Allow the option to be passed in the URI and the constructor to specify a CRL file name
      • Read the file contents asynchronously

      Testing Requirements

      • Unit tests at a minimum
      • Integration tests if possible

      Documentation Requirements

      • Update existing MongoDB manual docs
      • Update the TLS options API docs table
      • Update the 5.x API deprecation message for sslCrl to point to the new option

      Follow Up Requirements

      • N/A

            Assignee: Unassigned
            Reporter: PM Bot (dbeng-pm-bot)
            Votes: 0
            Watchers: 2