Skip to content

feat(NODE-5376)!: remove deprecated ssl options #3755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Jul 10, 2023
Merged

feat(NODE-5376)!: remove deprecated ssl options #3755

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
60bbae0
feat!(NODE-5376): remove deprecated ssl options
durran Jul 6, 2023
1671567
chore: update changes
durran Jul 6, 2023
b6ec3b9
test: unit
durran Jul 6, 2023
5200335
Merge branch 'main' into NODE-5376
durran Jul 6, 2023
e2b7435
Merge branch 'main' into NODE-5376
durran Jul 7, 2023
bd864a1
fix: comments
durran Jul 9, 2023
75d6f2b
Merge branch 'main' into NODE-5376
nbbeeken Jul 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions etc/notes/CHANGES_6.0.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Changes in the MongoDB Node.js Driver v6

## About

The following is a detailed collection of the changes in the major v6 release of the `mongodb` package for Node.js.

## Contents

- [Changes](#changes)
- [Deprecated SSL options removed](#deprecated-ssl-options-removed)

## Changes

### Deprecated SSL options removed

The following deprecated SSL/TLS options have now been removed (-> indicating the corresponding option):

- `sslCA` -> `tlsCAFile`
- `sslCRL`
- `sslCert` -> `tlsCertificateKeyFile`
- `sslKey` -> `tlsCertificateKeyFile`
- `sslPass` -> `tlsCertificateKeyFilePassword`
- `sslValidate` -> `tlsAllowInvalidCertificates`
- `tlsCertificateFile` -> `tlsCertificateKeyFile`
52 changes: 0 additions & 52 deletions src/connection_string.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1096,50 +1096,6 @@ export const OPTIONS = {
target: 'tls',
type: 'boolean'
},
sslCA: {
deprecated:
'sslCA is deprecated and will be removed in the next major version. Please use tlsCAFile instead.',
target: 'ca',
transform({ values: [value] }) {
return fs.readFileSync(String(value), { encoding: 'ascii' });
}
},
sslCRL: {
deprecated:
'sslCRL is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.',
target: 'crl',
transform({ values: [value] }) {
return fs.readFileSync(String(value), { encoding: 'ascii' });
}
},
sslCert: {
deprecated:
'sslCert is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.',
target: 'cert',
transform({ values: [value] }) {
return fs.readFileSync(String(value), { encoding: 'ascii' });
}
},
sslKey: {
deprecated:
'sslKey is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.',
target: 'key',
transform({ values: [value] }) {
return fs.readFileSync(String(value), { encoding: 'ascii' });
}
},
sslPass: {
deprecated:
'sslPass is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFilePassword instead.',
target: 'passphrase',
type: 'string'
},
sslValidate: {
deprecated:
'sslValidate is deprecated and will be removed in the next major version. Please use tlsAllowInvalidCertificates instead.',
target: 'rejectUnauthorized',
type: 'boolean'
},
tls: {
type: 'boolean'
},
Expand All @@ -1163,14 +1119,6 @@ export const OPTIONS = {
return fs.readFileSync(String(value), { encoding: 'ascii' });
}
},
tlsCertificateFile: {
deprecated:
'tlsCertificateFile is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.',
target: 'cert',
transform({ values: [value] }) {
return fs.readFileSync(String(value), { encoding: 'ascii' });
}
},
tlsCertificateKeyFile: {
target: 'key',
transform({ values: [value] }) {
Expand Down
54 changes: 9 additions & 45 deletions src/mongo_client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,11 +108,6 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC
tls?: boolean;
/** A boolean to enable or disables TLS/SSL for the connection. (The ssl option is equivalent to the tls option.) */
ssl?: boolean;
/**
* Specifies the location of a local TLS Certificate
* @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead.
*/
tlsCertificateFile?: string;
/** Specifies the location of a local .pem file that contains either the client's TLS/SSL certificate and key or only the client's TLS/SSL key when tlsCertificateFile is used to provide the certificate. */
tlsCertificateKeyFile?: string;
/** Specifies the password to de-crypt the tlsCertificateKeyFile. */
Expand Down Expand Up @@ -211,36 +206,6 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC
* @see https://www.mongodb.com/docs/manual/reference/write-concern/
*/
writeConcern?: WriteConcern | WriteConcernSettings;
/**
* Validate mongod server certificate against Certificate Authority
* @deprecated Will be removed in the next major version. Please use tlsAllowInvalidCertificates instead.
*/
sslValidate?: boolean;
/**
* SSL Certificate file path.
* @deprecated Will be removed in the next major version. Please use tlsCAFile instead.
*/
sslCA?: string;
/**
* SSL Certificate file path.
* @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead.
*/
sslCert?: string;
/**
* SSL Key file file path.
* @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead.
*/
sslKey?: string;
/**
* SSL Certificate pass phrase.
* @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFilePassword instead.
*/
sslPass?: string;
/**
* SSL Certificate revocation list file path.
* @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead.
*/
sslCRL?: string;
/** TCP Connection no delay */
noDelay?: boolean;
/** @deprecated TCP Connection keep alive enabled. Will not be able to turn off in the future. */
Expand Down Expand Up @@ -805,16 +770,15 @@ export interface MongoOptions
*
* ### Additional options:
*
* | nodejs native option | driver spec compliant option name | legacy option name | driver option type |
* |:----------------------|:----------------------------------------------|:-------------------|:-------------------|
* | `ca` | `tlsCAFile` | `sslCA` | `string` |
* | `crl` | N/A | `sslCRL` | `string` |
* | `cert` | `tlsCertificateFile`, `tlsCertificateKeyFile` | `sslCert` | `string` |
* | `key` | `tlsCertificateKeyFile` | `sslKey` | `string` |
* | `passphrase` | `tlsCertificateKeyFilePassword` | `sslPass` | `string` |
* | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `sslValidate` | `boolean` |
* | `checkServerIdentity` | `tlsAllowInvalidHostnames` | N/A | `boolean` |
* | see note below | `tlsInsecure` | N/A | `boolean` |
* | nodejs native option | driver spec compliant option name | driver option type |
* |:----------------------|:----------------------------------------------|:-------------------|
* | `ca` | `tlsCAFile` | `string` |
* | `crl` | N/A | `string` |
* | `key` | `tlsCertificateKeyFile` | `string` |
* | `passphrase` | `tlsCertificateKeyFilePassword` | `string` |
* | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `boolean` |
* | `checkServerIdentity` | `tlsAllowInvalidHostnames` | `boolean` |
* | see note below | `tlsInsecure` | `boolean` |
*
* If `tlsInsecure` is set to `true`, then it will set the node native options `checkServerIdentity`
* to a no-op and `rejectUnauthorized` to `false`.
Expand Down
3 changes: 1 addition & 2 deletions test/integration/node-specific/bson-options/ignore_undefined.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,7 @@ describe('Ignore Undefined', function () {
const client = configuration.newClient(
{},
{
ignoreUndefined: true,
sslValidate: false
ignoreUndefined: true
}
);

Expand Down
11 changes: 0 additions & 11 deletions test/types/community/changes_from_36.test-d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,16 +25,6 @@ expectNotType<boolean>(options.readPreference);
expectNotType<{}>(options.pkFactory);
// .checkServerIdentity cannot be `true`
expectNotType<true>(options.checkServerIdentity);
// .sslCA cannot be string[]
expectNotType<string[]>(options.sslCA);
// .sslCRL cannot be string[]
expectNotType<string[]>(options.sslCRL);
// .sslCert cannot be a Buffer
expectNotType<Buffer>(options.sslCert);
// .sslKey cannot be a Buffer
expectNotType<Buffer>(options.sslKey);
// .sslPass cannot be a Buffer
expectNotType<Buffer>(options.sslPass);

// Legacy option kept
expectType<PropExists<MongoClientOptions, 'w'>>(true);
Expand All @@ -60,7 +50,6 @@ expectType<ReadPreferenceMode | ReadPreference | undefined>(options.readPreferen
expectType<boolean | undefined>(options.promoteValues);
expectType<number | undefined>(options.family);
expectType<boolean | undefined>(options.ssl);
expectType<boolean | undefined>(options.sslValidate);
expectAssignable<((host: string, cert: PeerCertificate) => Error | undefined) | undefined>(
options.checkServerIdentity
);
Expand Down
2 changes: 1 addition & 1 deletion test/types/community/client.test-d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ const options: MongoClientOptions = {
maxPoolSize: 1,
family: 4,
ssl: true,
sslValidate: false,
tlsAllowInvalidCertificates: false,
// eslint-disable-next-line @typescript-eslint/no-unused-vars
checkServerIdentity(host, cert) {
return undefined;
Expand Down
45 changes: 10 additions & 35 deletions test/unit/mongo_client.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,8 @@ describe('MongoOptions', function () {
fs.closeSync(fs.openSync(filename, 'w'));
const options = parseOptions('mongodb://localhost:27017/?ssl=true', {
tlsCertificateKeyFile: filename,
tlsCertificateFile: filename,
tlsCAFile: filename,
sslCRL: filename,
tlsCertificateKeyFilePassword: 'tlsCertificateKeyFilePassword',
sslValidate: false
tlsCertificateKeyFilePassword: 'tlsCertificateKeyFilePassword'
});
fs.unlinkSync(filename);

Expand All @@ -47,27 +44,24 @@ describe('MongoOptions', function () {
*
* ### Additional options:
*
* | nodejs option | MongoDB equivalent | type |
* |:---------------------|----------------------------------------------------|:---------------------------------------|
* | `ca` | sslCA, tlsCAFile | `string \| Buffer \| Buffer[]` |
* | `crl` | sslCRL | `string \| Buffer \| Buffer[]` |
* | `cert` | sslCert, tlsCertificateFile | `string \| Buffer \| Buffer[]` |
* | `key` | sslKey, tlsCertificateKeyFile | `string \| Buffer \| KeyObject[]` |
* | `passphrase` | sslPass, tlsCertificateKeyFilePassword | `string` |
* | `rejectUnauthorized` | sslValidate | `boolean` |
* | nodejs native option | driver spec compliant option name | driver option type |
* |:----------------------|:----------------------------------------------|:-------------------|
* | `ca` | `tlsCAFile` | `string` |
* | `crl` | N/A | `string` |
* | `key` | `tlsCertificateKeyFile` | `string` |
* | `passphrase` | `tlsCertificateKeyFilePassword` | `string` |
* | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `boolean` |
* | `checkServerIdentity` | `tlsAllowInvalidHostnames` | `boolean` |
* | see note below | `tlsInsecure` | `boolean` |
*
*/
expect(options).to.not.have.property('tlsCertificateKeyFile');
expect(options).to.not.have.property('tlsCAFile');
expect(options).to.not.have.property('sslCRL');
expect(options).to.not.have.property('tlsCertificateKeyFilePassword');
expect(options).has.property('ca', '');
expect(options).has.property('crl', '');
expect(options).has.property('cert', '');
expect(options).has.property('key');
expect(options.key).has.length(0);
expect(options).has.property('passphrase', 'tlsCertificateKeyFilePassword');
expect(options).has.property('rejectUnauthorized', false);
expect(options).has.property('tls', true);
});

Expand Down Expand Up @@ -126,8 +120,6 @@ describe('MongoOptions', function () {
serverApi: { version: '1' },
socketTimeoutMS: 3,
ssl: true,
sslPass: 'pass',
sslValidate: true,
tls: true,
tlsAllowInvalidCertificates: true,
tlsAllowInvalidHostnames: true,
Expand Down Expand Up @@ -404,28 +396,11 @@ describe('MongoOptions', function () {
const optsFromObject = parseOptions('mongodb://localhost/', {
tlsCertificateKeyFile: 'testCertKey.pem'
});
expect(optsFromObject).to.have.property('cert', 'cert key');
expect(optsFromObject).to.have.property('key', 'cert key');

const optsFromUri = parseOptions('mongodb://localhost?tlsCertificateKeyFile=testCertKey.pem');
expect(optsFromUri).to.have.property('cert', 'cert key');
expect(optsFromUri).to.have.property('key', 'cert key');
});

it('correctly sets the cert and key if both tlsCertificateKeyFile and tlsCertificateFile is provided', function () {
const optsFromObject = parseOptions('mongodb://localhost/', {
tlsCertificateKeyFile: 'testKey.pem',
tlsCertificateFile: 'testCert.pem'
});
expect(optsFromObject).to.have.property('cert', 'test cert');
expect(optsFromObject).to.have.property('key', 'test key');

const optsFromUri = parseOptions(
'mongodb://localhost?tlsCertificateKeyFile=testKey.pem&tlsCertificateFile=testCert.pem'
);
expect(optsFromUri).to.have.property('cert', 'test cert');
expect(optsFromUri).to.have.property('key', 'test key');
});
});

it('throws an error if multiple tls parameters are not all set to the same value', () => {
Expand Down