From f9b5677657a05b22cc47c20f910e6ae264da8717 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 27 Jun 2023 16:45:37 +0200 Subject: [PATCH] feat(NODE-5287): deprecate ssl options (#3743) --- src/connection_string.ts | 15 ++++++++++++++- src/mongo_client.ts | 35 ++++++++++++++++++++++++++++------- 2 files changed, 42 insertions(+), 8 deletions(-) diff --git a/src/connection_string.ts b/src/connection_string.ts index 789d8342e7..ac8a3315f7 100644 --- a/src/connection_string.ts +++ b/src/connection_string.ts @@ -1097,35 +1097,46 @@ export const OPTIONS = { type: 'boolean' }, sslCA: { + deprecated: + 'sslCA is deprecated and will be removed in the next major version. Please use tlsCAFile instead.', target: 'ca', transform({ values: [value] }) { return fs.readFileSync(String(value), { encoding: 'ascii' }); } }, sslCRL: { + deprecated: + 'sslCRL is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', target: 'crl', transform({ values: [value] }) { return fs.readFileSync(String(value), { encoding: 'ascii' }); } }, sslCert: { + deprecated: + 'sslCert is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', target: 'cert', transform({ values: [value] }) { return fs.readFileSync(String(value), { encoding: 'ascii' }); } }, sslKey: { + deprecated: + 'sslKey is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', target: 'key', transform({ values: [value] }) { return fs.readFileSync(String(value), { encoding: 'ascii' }); } }, sslPass: { - deprecated: true, + deprecated: + 'sslPass is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFilePassword instead.', target: 'passphrase', type: 'string' }, sslValidate: { + deprecated: + 'sslValidate is deprecated and will be removed in the next major version. Please use tlsAllowInvalidCertificates instead.', target: 'rejectUnauthorized', type: 'boolean' }, @@ -1153,6 +1164,8 @@ export const OPTIONS = { } }, tlsCertificateFile: { + deprecated: + 'tlsCertificateFile is deprecated and will be removed in the next major version. Please use tlsCertificateKeyFile instead.', target: 'cert', transform({ values: [value] }) { return fs.readFileSync(String(value), { encoding: 'ascii' }); diff --git a/src/mongo_client.ts b/src/mongo_client.ts index 00706bcd9b..95fc229ab5 100644 --- a/src/mongo_client.ts +++ b/src/mongo_client.ts @@ -108,7 +108,10 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC tls?: boolean; /** A boolean to enable or disables TLS/SSL for the connection. (The ssl option is equivalent to the tls option.) */ ssl?: boolean; - /** Specifies the location of a local TLS Certificate */ + /** + * Specifies the location of a local TLS Certificate + * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. + */ tlsCertificateFile?: string; /** Specifies the location of a local .pem file that contains either the client's TLS/SSL certificate and key or only the client's TLS/SSL key when tlsCertificateFile is used to provide the certificate. */ tlsCertificateKeyFile?: string; @@ -208,17 +211,35 @@ export interface MongoClientOptions extends BSONSerializeOptions, SupportedNodeC * @see https://www.mongodb.com/docs/manual/reference/write-concern/ */ writeConcern?: WriteConcern | WriteConcernSettings; - /** Validate mongod server certificate against Certificate Authority */ + /** + * Validate mongod server certificate against Certificate Authority + * @deprecated Will be removed in the next major version. Please use tlsAllowInvalidCertificates instead. + */ sslValidate?: boolean; - /** SSL Certificate file path. */ + /** + * SSL Certificate file path. + * @deprecated Will be removed in the next major version. Please use tlsCAFile instead. + */ sslCA?: string; - /** SSL Certificate file path. */ + /** + * SSL Certificate file path. + * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. + */ sslCert?: string; - /** SSL Key file file path. */ + /** + * SSL Key file file path. + * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. + */ sslKey?: string; - /** SSL Certificate pass phrase. */ + /** + * SSL Certificate pass phrase. + * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFilePassword instead. + */ sslPass?: string; - /** SSL Certificate revocation list file path. */ + /** + * SSL Certificate revocation list file path. + * @deprecated Will be removed in the next major version. Please use tlsCertificateKeyFile instead. + */ sslCRL?: string; /** TCP Connection no delay */ noDelay?: boolean;