stampery / mongoaudit

🔥 A powerful MongoDB auditing and pentesting tool 🔥
https://mongoaud.it
MIT License

Support SSL and self-signed certs #9

Closed jacob-meacham closed 7 years ago

jacob-meacham commented 7 years ago

First off, this is a great tool!

I had a couple of issues when running it, which I'll split up into two separate tickets. The first is that I was not able to connect to a DB that requires an SSL connection without making a change to testers.py#Tester#get_connection to

```python
import ssl
import pymongo

# inside Tester.get_connection: force TLS and skip certificate verification
return pymongo.MongoClient(fqdn, port, serverSelectionTimeoutMS=1000, ssl=True, ssl_cert_reqs=ssl.CERT_NONE)
```

pymongo does support passing these params in the uri (see http://api.mongodb.com/python/current/examples/tls.html) but mongoaudit seems to be stripping them out.

I also found the serverSelectionTimeout of 1 ms to be too short. I'm happy to make these changes - let me know if you have a preferred approach - I would change the uri parsing so that the extra parameters are not stripped.

aesedepece commented 7 years ago

Hi @jacob-meacham,

TLS/SSL is now supported and implemented by three different tests:

  1. Check if TLS/SSL support is available
  2. Check if TLS/SSL is enabled
  3. Check if server certificate is completely valid (not self-signed)

We would love you to test the patch and confirm if it works for you. Feel free to reopen this issue if it does not!

Thanks a lot for your interest in mongoaudit and for your valuable feedback.
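As an added illustration of the fix proposed in the first comment (keep the URI query options such as `tls`/`ssl`, `tlsAllowInvalidCertificates` and `serverSelectionTimeoutMS` instead of stripping them) and of how those options relate to the three TLS tests listed above, here is a small standalone helper. It is example code, not mongoaudit's own implementation; the function names, the option table and the sample URI are constructed for this example, and it handles single-host URIs only.

```python
import urllib.parse  # standard library only, so this runs without pymongo installed

# Hypothetical option table (not mongoaudit's code): canonical pymongo keyword
# names for the URI options this example understands. Lookup is case-insensitive,
# matching how pymongo treats URI option names.
_CANONICAL = {
    "ssl": "tls",  # legacy spelling; ssl=True + ssl_cert_reqs=CERT_NONE == tls + tlsAllowInvalidCertificates
    "tls": "tls",
    "tlsallowinvalidcertificates": "tlsAllowInvalidCertificates",
    "tlsinsecure": "tlsInsecure",
    "serverselectiontimeoutms": "serverSelectionTimeoutMS",
    "connecttimeoutms": "connectTimeoutMS",
}
_BOOL_OPTIONS = {"tls", "tlsAllowInvalidCertificates", "tlsInsecure"}
_INT_OPTIONS = {"serverSelectionTimeoutMS", "connectTimeoutMS"}


def parse_mongo_uri(uri, default_timeout_ms=1000):
    """Split a mongodb:// URI into (host, port, kwargs) for pymongo.MongoClient.

    Query options are kept and typed rather than dropped, which is the change
    proposed in the issue. Single-host URIs only (constructed simplification).
    """
    parsed = urllib.parse.urlsplit(uri)
    if parsed.scheme != "mongodb":
        raise ValueError("expected a mongodb:// URI")
    host = parsed.hostname or "localhost"
    port = parsed.port or 27017
    kwargs = {"serverSelectionTimeoutMS": default_timeout_ms}  # overridable via the URI
    for key, values in urllib.parse.parse_qs(parsed.query).items():
        name = _CANONICAL.get(key.lower(), key)  # unknown options pass through untouched
        value = values[-1]                       # last occurrence wins
        if name in _BOOL_OPTIONS:
            kwargs[name] = value.lower() == "true"
        elif name in _INT_OPTIONS:
            kwargs[name] = int(value)
        else:
            kwargs[name] = value
    return host, port, kwargs


def tls_posture(kwargs):
    """Classify the client options against the three TLS tests in the thread."""
    if not kwargs.get("tls", False):
        return "plaintext"       # the audit connection itself would not use TLS (test 2)
    if kwargs.get("tlsAllowInvalidCertificates") or kwargs.get("tlsInsecure"):
        return "tls-unverified"  # verification disabled: a self-signed cert is accepted (test 3)
    return "tls-verified"        # full chain validation, the state test 3 expects
```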