From f555d71432687fcf9d3885a612a82350eee9ae3f Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Mon, 15 May 2023 15:05:19 +0200 Subject: [PATCH 1/5] chore(NODE-4778): update tls option notes --- src/mongo_client.ts | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 47f2f317cc4..446f1fc6820 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -774,14 +774,17 @@ export interface MongoOptions * * If set TLS enabled, equivalent to setting the ssl option. * + * Spec complicant options: ssl, tls, tlsCAFile, tlsCertificateKeyFile, tlsCertificateKeyFilePassworda, tlsAllowInvalidCertificates, + * tlsAllowInvalidHostnames, tlsInsecure. All others will be deprecated and subsequently removed in future versions. + * * ### Additional options: * * | nodejs option | MongoDB equivalent | type | * |:---------------------|--------------------------------------------------------- |:---------------------------------------| - * | `ca` | `sslCA`, `tlsCAFile` | `string \| Buffer \| Buffer[]` | - * | `crl` | `sslCRL` | `string \| Buffer \| Buffer[]` | - * | `cert` | `sslCert`, `tlsCertificateFile`, `tlsCertificateKeyFile` | `string \| Buffer \| Buffer[]` | - * | `key` | `sslKey`, `tlsCertificateKeyFile` | `string \| Buffer \| KeyObject[]` | + * | `ca` | `sslCA`, `tlsCAFile` | `string` | + * | `crl` | `sslCRL` | `string` | + * | `cert` | `sslCert`, `tlsCertificateFile`, `tlsCertificateKeyFile` | `string` | + * | `key` | `sslKey`, `tlsCertificateKeyFile` | `string` | * | `passphrase` | `sslPass`, `tlsCertificateKeyFilePassword` | `string` | * | `rejectUnauthorized` | `sslValidate` | `boolean` | * From 156890325a98efa67127dcacc3e57ba1e32e3040 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 16 May 2023 16:51:50 +0200 Subject: [PATCH 2/5] chore: update table --- src/mongo_client.ts | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 446f1fc6820..d5f75d9e238 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -772,21 +772,20 @@ export interface MongoOptions /** * # NOTE ABOUT TLS Options * - * If set TLS enabled, equivalent to setting the ssl option. - * - * Spec complicant options: ssl, tls, tlsCAFile, tlsCertificateKeyFile, tlsCertificateKeyFilePassworda, tlsAllowInvalidCertificates, - * tlsAllowInvalidHostnames, tlsInsecure. All others will be deprecated and subsequently removed in future versions. + * If `tls` is provided as an option, it is equivalent to setting the `ssl` option. * * ### Additional options: * - * | nodejs option | MongoDB equivalent | type | - * |:---------------------|--------------------------------------------------------- |:---------------------------------------| - * | `ca` | `sslCA`, `tlsCAFile` | `string` | - * | `crl` | `sslCRL` | `string` | - * | `cert` | `sslCert`, `tlsCertificateFile`, `tlsCertificateKeyFile` | `string` | - * | `key` | `sslKey`, `tlsCertificateKeyFile` | `string` | - * | `passphrase` | `sslPass`, `tlsCertificateKeyFilePassword` | `string` | - * | `rejectUnauthorized` | `sslValidate` | `boolean` | + * | nodejs option | MongoDB driver spec compliant | Legacy option name | type | + * |:---------------------|:----------------------------------------------|:-------------------|:----------| + * | `ca` | `tlsCAFile` | `sslCA` | `string` | + * | `crl` | N/A | `sslCRL` | `string` | + * | `cert` | `tlsCertificateFile`, `tlsCertificateKeyFile` | `sslCert` | `string` | + * | `key` | `tlsCertificateKeyFile` | `sslKey` | `string` | + * | `passphrase` | `tlsCertificateKeyFilePassword` | `sslPass` | `string` | + * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `sslValidate` | `boolean` | + * | N/A | `tlsAllowInvalidHostnames` | N/A | `boolean` | + * | N/A | `tlsInsecure` | N/A | `boolean` | * */ tls: boolean; From b483fca887b3ba849610f24c21d3f2b0c64c74f6 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 16 May 2023 18:48:14 +0200 Subject: [PATCH 3/5] chore: update table and notes --- src/mongo_client.ts | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/src/mongo_client.ts b/src/mongo_client.ts index d5f75d9e238..888b2ba79e1 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -774,18 +774,20 @@ export interface MongoOptions * * If `tls` is provided as an option, it is equivalent to setting the `ssl` option. * + * NodeJS native TLS options are passed through to the socket and retain their original types. + * * ### Additional options: * - * | nodejs option | MongoDB driver spec compliant | Legacy option name | type | - * |:---------------------|:----------------------------------------------|:-------------------|:----------| - * | `ca` | `tlsCAFile` | `sslCA` | `string` | - * | `crl` | N/A | `sslCRL` | `string` | - * | `cert` | `tlsCertificateFile`, `tlsCertificateKeyFile` | `sslCert` | `string` | - * | `key` | `tlsCertificateKeyFile` | `sslKey` | `string` | - * | `passphrase` | `tlsCertificateKeyFilePassword` | `sslPass` | `string` | - * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `sslValidate` | `boolean` | - * | N/A | `tlsAllowInvalidHostnames` | N/A | `boolean` | - * | N/A | `tlsInsecure` | N/A | `boolean` | + * | nodejs native option | driver spec compliant option name | legacy option name | driver option type | + * |:---------------------|:----------------------------------------------|:-------------------|:-------------------| + * | `ca` | `tlsCAFile` | `sslCA` | `string` | + * | `crl` | N/A | `sslCRL` | `string` | + * | `cert` | `tlsCertificateFile`, `tlsCertificateKeyFile` | `sslCert` | `string` | + * | `key` | `tlsCertificateKeyFile` | `sslKey` | `string` | + * | `passphrase` | `tlsCertificateKeyFilePassword` | `sslPass` | `string` | + * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `sslValidate` | `boolean` | + * | N/A | `tlsAllowInvalidHostnames` | N/A | `boolean` | + * | N/A | `tlsInsecure` | N/A | `boolean` | * */ tls: boolean; From 32ac0a36d1320190fb28c40ae4d2fd2020896a14 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 16 May 2023 20:50:02 +0200 Subject: [PATCH 4/5] docs: update table --- src/mongo_client.ts | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 888b2ba79e1..c9fe5a1cb5f 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -778,17 +778,23 @@ export interface MongoOptions * * ### Additional options: * - * | nodejs native option | driver spec compliant option name | legacy option name | driver option type | - * |:---------------------|:----------------------------------------------|:-------------------|:-------------------| - * | `ca` | `tlsCAFile` | `sslCA` | `string` | - * | `crl` | N/A | `sslCRL` | `string` | - * | `cert` | `tlsCertificateFile`, `tlsCertificateKeyFile` | `sslCert` | `string` | - * | `key` | `tlsCertificateKeyFile` | `sslKey` | `string` | - * | `passphrase` | `tlsCertificateKeyFilePassword` | `sslPass` | `string` | - * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `sslValidate` | `boolean` | - * | N/A | `tlsAllowInvalidHostnames` | N/A | `boolean` | - * | N/A | `tlsInsecure` | N/A | `boolean` | + * | nodejs native option | driver spec compliant option name | legacy option name | driver option type | + * |:----------------------|:----------------------------------------------|:-------------------|:-------------------| + * | `ca` | `tlsCAFile` | `sslCA` | `string` | + * | `crl` | N/A | `sslCRL` | `string` | + * | `cert` | `tlsCertificateFile`, `tlsCertificateKeyFile` | `sslCert` | `string` | + * | `key` | `tlsCertificateKeyFile` | `sslKey` | `string` | + * | `passphrase` | `tlsCertificateKeyFilePassword` | `sslPass` | `string` | + * | `rejectUnauthorized` | `tlsAllowInvalidCertificates` | `sslValidate` | `boolean` | + * | `checkServerIdentity` | `tlsAllowInvalidHostnames` | N/A | `boolean` | + * | see note below | `tlsInsecure` | N/A | `boolean` | * + * If `tlsInsecure` is set to `true`, then it will set the node native options `checkServerIdentity` + * to a no-op and `rejectUnauthorized` to `false. + * + * If `tlsInsecure` is set to `false`, then it will set the node native options `checkServerIdentity` + * to a no-op and `rejectUnauthorized` to the inverse value of `tlsAllowInvalidCertificates`. If + * `tlsAllowInvalidCertificates` is not set, then `rejectUnauthorized` will be set to `true`. */ tls: boolean; From 6d30ef7dca98bf5a4996901a4019d6b07f0ab9f8 Mon Sep 17 00:00:00 2001 From: Daria Pardue Date: Tue, 16 May 2023 15:26:42 -0400 Subject: [PATCH 5/5] docs: typo --- src/mongo_client.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mongo_client.ts b/src/mongo_client.ts index c9fe5a1cb5f..5be40c381e8 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -790,7 +790,7 @@ export interface MongoOptions * | see note below | `tlsInsecure` | N/A | `boolean` | * * If `tlsInsecure` is set to `true`, then it will set the node native options `checkServerIdentity` - * to a no-op and `rejectUnauthorized` to `false. + * to a no-op and `rejectUnauthorized` to `false`. * * If `tlsInsecure` is set to `false`, then it will set the node native options `checkServerIdentity` * to a no-op and `rejectUnauthorized` to the inverse value of `tlsAllowInvalidCertificates`. If