RUBY-886 Add tests and adjust test suite for ssl verify default

Author: estolfo

spec/mongo/server/connection_pool_spec.rb

@@ -2,6 +2,10 @@
 
 describe Mongo::Server::ConnectionPool do
 
+  let(:options) do
+    TEST_OPTIONS.merge(max_pool_size: 2)
+  end
+
   let(:address) do
     Mongo::Address.new('127.0.0.1:27017')
   end
@@ -17,7 +21,7 @@
   describe '#checkin' do
 
     let(:server) do
-      Mongo::Server.new(address, double('cluster'), monitoring, listeners, ssl: SSL)
+      Mongo::Server.new(address, double('cluster'), monitoring, listeners, options)
     end
 
     let!(:pool) do
@@ -47,7 +51,7 @@
   describe '#checkout' do
 
     let(:server) do
-      Mongo::Server.new(address, double('cluster'), monitoring, listeners, ssl: SSL)
+      Mongo::Server.new(address, double('cluster'), monitoring, listeners, options)
     end
 
     let!(:pool) do
@@ -95,7 +99,7 @@
   describe '.get' do
 
     let(:server) do
-      Mongo::Server.new(address, double('cluster'), monitoring, listeners, ssl: SSL)
+      Mongo::Server.new(address, double('cluster'), monitoring, listeners, options)
     end
 
     let!(:pool) do
@@ -110,7 +114,7 @@
   describe '#inspect' do
 
     let(:server) do
-      Mongo::Server.new(address, double('cluster'), monitoring, listeners, ssl: SSL)
+      Mongo::Server.new(address, double('cluster'), monitoring, listeners, options)
     end
 
     let!(:pool) do
@@ -129,7 +133,7 @@
   describe '#with_connection' do
 
     let(:server) do
-      Mongo::Server.new(address, double('cluster'), monitoring, listeners, ssl: SSL)
+      Mongo::Server.new(address, double('cluster'), monitoring, listeners, options)
     end
 
     let!(:pool) do

spec/mongo/server/connection_spec.rb

@@ -15,7 +15,7 @@
   end
 
   let(:server) do
-    Mongo::Server.new(address, double('cluster'), monitoring, listeners, ssl: SSL)
+    Mongo::Server.new(address, double('cluster'), monitoring, listeners, TEST_OPTIONS)
   end
 
   describe '#connect!' do

spec/mongo/socket/ssl_spec.rb

@@ -12,9 +12,10 @@
 
       let(:options) do
         {
-          :ssl => true,
-          :ssl_cert => CLIENT_PEM,
-          :ssl_key => CLIENT_PEM
+            :ssl => true,
+            :ssl_cert => CLIENT_PEM,
+            :ssl_key => CLIENT_PEM,
+            :ssl_verify => false
         }
       end
 
@@ -31,9 +32,10 @@
 
       let(:options) do
         {
-          :ssl => true,
-          :ssl_cert => CLIENT_PEM,
-          :ssl_key => CRL_PEM
+            :ssl => true,
+            :ssl_cert => CLIENT_PEM,
+            :ssl_key => CRL_PEM,
+            :ssl_verify => false
         }
       end
 
@@ -51,7 +53,8 @@
             :ssl => true,
             :ssl_cert => CLIENT_PEM,
             :ssl_key => CLIENT_PEM,
-            :ssl_ca_cert => CA_PEM
+            :ssl_ca_cert => CA_PEM,
+            :ssl_verify => true
         }
       end
 
@@ -63,5 +66,67 @@
         expect(socket).to be_alive
       end
     end
+
+    context 'when ssl_verify is not specified' do
+
+      let(:options) do
+        {
+            :ssl => true,
+            :ssl_cert => CLIENT_PEM,
+            :ssl_key => CLIENT_PEM,
+            :ssl_ca_cert => CA_PEM
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      it 'verifies the server certificate' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when ssl_verify is true' do
+
+      let(:options) do
+        {
+            :ssl => true,
+            :ssl_cert => CLIENT_PEM,
+            :ssl_key => CLIENT_PEM,
+            :ssl_ca_cert => CA_PEM,
+            :ssl_verify => true
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      it 'verifies the server certificate' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when ssl_verify is false' do
+
+      let(:options) do
+        {
+            :ssl => true,
+            :ssl_cert => CLIENT_PEM,
+            :ssl_key => CLIENT_PEM,
+            :ssl_ca_cert => 'invalid',
+            :ssl_verify => false
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      it 'does not verify the server certificate' do
+        expect(socket).to be_alive
+      end
+    end
   end
 end

spec/spec_helper.rb

@@ -17,6 +17,20 @@
   end
 end
 
+TEST_SET = 'ruby-driver-rs'
+COVERAGE_MIN = 90
+CURRENT_PATH = File.expand_path(File.dirname(__FILE__))
+SERVER_DISCOVERY_TESTS = Dir.glob("#{CURRENT_PATH}/support/sdam/**/*.yml")
+SERVER_SELECTION_RTT_TESTS = Dir.glob("#{CURRENT_PATH}/support/server_selection/rtt/*.yml")
+SERVER_SELECTION_TESTS = Dir.glob("#{CURRENT_PATH}/support/server_selection/selection/**/*.yml")
+CRUD_TESTS = Dir.glob("#{CURRENT_PATH}/support/crud_tests/**/*.yml")
+
+SSL_CERTS_DIR = "#{CURRENT_PATH}/support/certificates"
+CLIENT_PEM = "#{SSL_CERTS_DIR}/client.pem"
+CLIENT_PASSWORD_PEM = "#{SSL_CERTS_DIR}/password_protected.pem"
+CA_PEM = "#{SSL_CERTS_DIR}/ca.pem"
+CRL_PEM = "#{SSL_CERTS_DIR}/crl.pem"
+
 require 'mongo'
 
 require 'support/travis'
@@ -61,20 +75,6 @@
   end
 end
 
-TEST_SET = 'ruby-driver-rs'
-COVERAGE_MIN = 90
-CURRENT_PATH = File.expand_path(File.dirname(__FILE__))
-SERVER_DISCOVERY_TESTS = Dir.glob("#{CURRENT_PATH}/support/sdam/**/*.yml")
-SERVER_SELECTION_RTT_TESTS = Dir.glob("#{CURRENT_PATH}/support/server_selection/rtt/*.yml")
-SERVER_SELECTION_TESTS = Dir.glob("#{CURRENT_PATH}/support/server_selection/selection/**/*.yml")
-CRUD_TESTS = Dir.glob("#{CURRENT_PATH}/support/crud_tests/**/*.yml")
-
-SSL_CERTS_DIR = "#{CURRENT_PATH}/support/certificates"
-CLIENT_PEM = "#{SSL_CERTS_DIR}/client.pem"
-CLIENT_PASSWORD_PEM = "#{SSL_CERTS_DIR}/password_protected.pem"
-CA_PEM = "#{SSL_CERTS_DIR}/ca.pem"
-CRL_PEM = "#{SSL_CERTS_DIR}/crl.pem"
-
 # Determine whether the test clients are connecting to a standalone.
 #
 # @since 2.0.0
@@ -149,10 +149,16 @@ def list_command_enabled?
   $list_command_enabled ||= $mongo_client.cluster.servers.first.features.list_indexes_enabled?
 end
 
+# Is the test suite running locallly (not on Travis or Jenkins).
+#
+# @since 2.1.0
 def testing_locally?
   !(ENV['CI'] || ENV['JENKINS_HOME'])
 end
 
+# Is the test suite running on SSL.
+#
+# @since 2.0.2
 def running_ssl?
   SSL
 end

spec/support/authorization.rb

@@ -50,12 +50,28 @@
 # @since 2.0.3
 SSL = ENV['SSL_ENABLED'] == 'true'
 
+# SSL options.
+#
+# @since 2.1.0
+SSL_OPTIONS = {
+                  ssl: SSL,
+                  ssl_verify: false,
+                  ssl_cert:  CLIENT_PEM,
+                  ssl_key:  CLIENT_PEM
+                }
+
+# Base test options.
+#
+# @since 2.1.0
+BASE_OPTIONS = {
+                  max_pool_size: 1,
+                  write: WRITE_CONCERN
+               }
+
 # Options for test suite clients.
 #
 # @since 2.0.3
-TEST_OPTIONS = CONNECT.merge(max_pool_size: 1,
-                             write: WRITE_CONCERN,
-                             ssl: SSL)
+TEST_OPTIONS = BASE_OPTIONS.merge(CONNECT).merge(SSL_OPTIONS)
 
 # The root user name.
 #