mongo 2.9.0.rc0 → 2.9.0.rc1

data/spec/support/certificates/server-second-level.crt

@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 403728 (0x62910)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN = intermediate-server, OU = Ruby Driver, O = MongoDB, L = New York City, ST = New York, C = US
+        Validity
+            Not Before: May 30 22:28:04 2019 GMT
+            Not After : May 30 22:28:04 2039 GMT
+        Subject: CN = localhost, OU = Ruby Driver, O = MongoDB, L = New York City, ST = New York, C = US
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:94:9a:50:f9:bc:68:39:68:e3:54:1d:48:d9:83:
+                    b7:7f:8c:59:cd:54:8d:ba:af:13:ef:25:a5:9d:c4:
+                    d6:0a:f4:10:c4:ee:e7:b5:60:81:83:5f:3f:88:bd:
+                    63:d7:39:68:8d:2b:d6:85:a8:f6:4a:6e:52:6c:f1:
+                    03:71:a7:2e:2f:e2:80:6a:c3:5a:94:7a:70:2c:5f:
+                    a1:ea:17:e5:db:54:24:75:d3:3a:8d:83:22:96:76:
+                    21:9f:b5:51:ff:b8:4d:33:b8:6c:39:bb:68:98:71:
+                    50:b5:41:67:bd:f5:76:f8:49:1e:58:fe:d7:a4:54:
+                    c1:15:25:b1:24:2f:20:ea:56:a4:29:2f:83:f4:c2:
+                    a9:13:12:a1:f3:9b:9e:95:6d:25:c4:bf:d9:74:0f:
+                    d3:1f:7a:87:f7:a8:f8:82:8b:0d:4f:e8:5b:6e:32:
+                    00:e0:e8:8a:35:91:75:82:56:37:7f:f5:ab:5d:0f:
+                    7f:b9:61:62:13:e4:38:44:f8:3b:58:f9:87:23:6a:
+                    aa:79:cf:6b:df:52:2b:40:0c:4d:12:b0:84:ac:40:
+                    f3:6e:f1:0f:37:23:f0:54:7c:f5:e3:b8:0b:20:77:
+                    27:ef:7f:2a:bf:20:ee:06:50:25:0b:42:57:1a:45:
+                    ca:a2:65:71:e1:bf:5d:f1:79:6f:66:3d:22:28:b9:
+                    d9:93
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, IP Address:127.0.0.1
+    Signature Algorithm: sha256WithRSAEncryption
+         8a:2d:64:a3:92:30:31:8c:b8:50:8d:20:9f:24:e9:62:8f:98:
+         e4:6b:4b:75:3b:90:fb:51:b3:65:79:a8:5f:ac:fc:57:f1:ca:
+         34:72:6b:07:37:82:d0:b8:89:a4:6d:eb:4a:2e:c5:7c:f6:eb:
+         bf:40:84:5d:56:0c:77:c8:79:f6:28:6c:86:50:ad:0b:d4:99:
+         58:ec:da:b3:ad:e0:55:93:b6:be:2f:4a:29:dd:4c:f4:41:85:
+         41:59:ba:3f:0a:3d:ce:c5:66:c6:41:c6:b0:94:f5:f9:f9:e9:
+         ff:85:c4:df:f7:36:33:7e:80:fc:b6:89:cc:d8:72:c8:2f:ae:
+         49:80:c7:65:c2:ec:5b:31:c1:ed:da:76:39:92:bf:cb:d9:8a:
+         ef:44:7c:a3:e3:ae:db:17:19:4d:7e:4e:e5:61:09:bc:18:b8:
+         c4:09:b7:46:d8:0f:f9:6f:d8:60:ec:ec:a5:51:28:a7:06:83:
+         bd:5d:39:76:aa:26:cc:b1:d0:ac:f4:ad:88:40:0d:8b:73:32:
+         62:a8:5e:47:12:99:6c:a1:6a:25:a3:f4:62:45:5e:89:36:d4:
+         17:ed:e4:54:cf:1d:6a:67:19:67:eb:4e:64:83:7b:5b:67:e4:
+         a4:e5:26:1d:0e:56:4f:7f:b7:32:19:44:85:fe:ba:ae:58:d4:
+         e3:ed:a5:71
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIDBikQMA0GCSqGSIb3DQEBCwUAMH4xHDAaBgNVBAMTE2lu
+dGVybWVkaWF0ZS1zZXJ2ZXIxFDASBgNVBAsTC1J1YnkgRHJpdmVyMRAwDgYDVQQK
+EwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcg
+WW9yazELMAkGA1UEBhMCVVMwHhcNMTkwNTMwMjIyODA0WhcNMzkwNTMwMjIyODA0
+WjB0MRIwEAYDVQQDEwlsb2NhbGhvc3QxFDASBgNVBAsTC1J1YnkgRHJpdmVyMRAw
+DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI
+EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCUmlD5vGg5aONUHUjZg7d/jFnNVI26rxPvJaWdxNYK9BDE7ue1YIGD
+Xz+IvWPXOWiNK9aFqPZKblJs8QNxpy4v4oBqw1qUenAsX6HqF+XbVCR10zqNgyKW
+diGftVH/uE0zuGw5u2iYcVC1QWe99Xb4SR5Y/tekVMEVJbEkLyDqVqQpL4P0wqkT
+EqHzm56VbSXEv9l0D9Mfeof3qPiCiw1P6FtuMgDg6Io1kXWCVjd/9atdD3+5YWIT
+5DhE+DtY+Ycjaqp5z2vfUitADE0SsISsQPNu8Q83I/BUfPXjuAsgdyfvfyq/IO4G
+UCULQlcaRcqiZXHhv13xeW9mPSIoudmTAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxv
+Y2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAii1ko5IwMYy4UI0gnyTp
+Yo+Y5GtLdTuQ+1GzZXmoX6z8V/HKNHJrBzeC0LiJpG3rSi7FfPbrv0CEXVYMd8h5
+9ihshlCtC9SZWOzas63gVZO2vi9KKd1M9EGFQVm6Pwo9zsVmxkHGsJT1+fnp/4XE
+3/c2M36A/LaJzNhyyC+uSYDHZcLsWzHB7dp2OZK/y9mK70R8o+Ou2xcZTX5O5WEJ
+vBi4xAm3RtgP+W/YYOzspVEopwaDvV05dqomzLHQrPStiEANi3MyYqheRxKZbKFq
+JaP0YkVeiTbUF+3kVM8damcZZ+tOZIN7W2fkpOUmHQ5WT3+3MhlEhf66rljU4+2l
+cQ==
+-----END CERTIFICATE-----

data/spec/support/certificates/server-second-level.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAlJpQ+bxoOWjjVB1I2YO3f4xZzVSNuq8T7yWlncTWCvQQxO7n
+tWCBg18/iL1j1zlojSvWhaj2Sm5SbPEDcacuL+KAasNalHpwLF+h6hfl21QkddM6
+jYMilnYhn7VR/7hNM7hsObtomHFQtUFnvfV2+EkeWP7XpFTBFSWxJC8g6lakKS+D
+9MKpExKh85uelW0lxL/ZdA/TH3qH96j4gosNT+hbbjIA4OiKNZF1glY3f/WrXQ9/
+uWFiE+Q4RPg7WPmHI2qqec9r31IrQAxNErCErEDzbvEPNyPwVHz147gLIHcn738q
+vyDuBlAlC0JXGkXKomVx4b9d8XlvZj0iKLnZkwIDAQABAoIBAQCSQhwG4KgYMSLl
+q/kClQBrGkFctabVIfJVw1DxKkWc/EDxA06tFvIB0iJfPEBjGY7Mu2Plo7nc4h5g
+OQqxtuDfomfQLLwfPS7gjbN4CtNh/rvv99k+ZN4LBvPrE/RD4yqhCBgE7m5w876C
+13/61/ijQJwM7a5igESVwsZJndUgrmg5m358QaMCi11upkhk3MnYK93P4S3RTaBs
+pzxjSAbgMJ7vD7NUSe1oXKMBNNMgLbQumOp00q8tsZAOToSGYOQI69q3pONRaB+e
+rrdu7qyDUBQHgZVB+bahtYmpHa0IxVOqAsZqfXNyPDgPRkRDkaoR8pTHbKX6a+a9
+7Gr3ISe5AoGBAOAU94g04TBypSeiufE+4cB5+rXjmYIlTMs0x6KHunZr0XpRlMPv
+y4upZQ+O4eo5rrEc0nAaHP/XvNfcogYzyy4qg7DrGl2Px4+iuoGvj5o/0wILZ2Hy
+ZnWlmJiMctn9Z+MUhMNfLxjEzSly3Y+nZkMYLzNoIgdcqk9jjnw2d3lvAoGBAKnF
+CsY7LNySixPHHAfCQt3rkEEvPQMMPStNp6ct84StYJyCGyOUyjLBjcBrq4/tOc/D
+fpoJDBUMUJj9yrVp3he3x00cXAoneX2ED4jnNMMPm84blr02hSCwU/1ldyKDm34/
+OXlym0UF0nYB2f3hrrwBTic5y2L90PdGfBUD5GgdAoGAcO2gIeCkbEoauXLkypOq
+KdpPY0MkpdYucWpUAbDtY6jKlR5wHp7GscfYypJzgBs50sB3vU8rtjP/U7o5XW7U
+wptiatLRIr3HELgtzhWwBUiNCsa8fzwuLrQZxydg6kMvC93XWq6piY4E5xKgXjk6
+7C1P/FRKcfNdUU0XDbpVU7kCgYBWsbu1zSQ0o1UITYZf4/D3mMK6tt/GParDAU3b
+DpkrqMoMQliPi/zRfIvhtloPDoqWMXPmPzZ/TSGfbwLkL2Lt47iQBSpvOQdOdHDm
+bYNBFShwUSBiEYRcVA8f+H+lDWYLS0gTX9Ywoi9+eaWTg3sSoOwDFf1p2MmsbL8S
+kEFEdQKBgCmc/NESy29MO3j8tH63UbdmD7BeHA36KNmRFzosE9O62eM5xcWsUeE0
+Xd1vC0V8R9J4sF7ZcwfI9q/XW5I6wW4aKWlwCa1yx7A39Ea9UjiASmY7+hx3vn0z
+4XAfT1HvR2ohvZYmhm1HAuYWuUvphquFrOXCxuycAvgcaXQBKR0L
+-----END RSA PRIVATE KEY-----

data/spec/support/certificates/server-second-level.pem

@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 403728 (0x62910)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN = intermediate-server, OU = Ruby Driver, O = MongoDB, L = New York City, ST = New York, C = US
+        Validity
+            Not Before: May 30 22:28:04 2019 GMT
+            Not After : May 30 22:28:04 2039 GMT
+        Subject: CN = localhost, OU = Ruby Driver, O = MongoDB, L = New York City, ST = New York, C = US
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:94:9a:50:f9:bc:68:39:68:e3:54:1d:48:d9:83:
+                    b7:7f:8c:59:cd:54:8d:ba:af:13:ef:25:a5:9d:c4:
+                    d6:0a:f4:10:c4:ee:e7:b5:60:81:83:5f:3f:88:bd:
+                    63:d7:39:68:8d:2b:d6:85:a8:f6:4a:6e:52:6c:f1:
+                    03:71:a7:2e:2f:e2:80:6a:c3:5a:94:7a:70:2c:5f:
+                    a1:ea:17:e5:db:54:24:75:d3:3a:8d:83:22:96:76:
+                    21:9f:b5:51:ff:b8:4d:33:b8:6c:39:bb:68:98:71:
+                    50:b5:41:67:bd:f5:76:f8:49:1e:58:fe:d7:a4:54:
+                    c1:15:25:b1:24:2f:20:ea:56:a4:29:2f:83:f4:c2:
+                    a9:13:12:a1:f3:9b:9e:95:6d:25:c4:bf:d9:74:0f:
+                    d3:1f:7a:87:f7:a8:f8:82:8b:0d:4f:e8:5b:6e:32:
+                    00:e0:e8:8a:35:91:75:82:56:37:7f:f5:ab:5d:0f:
+                    7f:b9:61:62:13:e4:38:44:f8:3b:58:f9:87:23:6a:
+                    aa:79:cf:6b:df:52:2b:40:0c:4d:12:b0:84:ac:40:
+                    f3:6e:f1:0f:37:23:f0:54:7c:f5:e3:b8:0b:20:77:
+                    27:ef:7f:2a:bf:20:ee:06:50:25:0b:42:57:1a:45:
+                    ca:a2:65:71:e1:bf:5d:f1:79:6f:66:3d:22:28:b9:
+                    d9:93
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, IP Address:127.0.0.1
+    Signature Algorithm: sha256WithRSAEncryption
+         8a:2d:64:a3:92:30:31:8c:b8:50:8d:20:9f:24:e9:62:8f:98:
+         e4:6b:4b:75:3b:90:fb:51:b3:65:79:a8:5f:ac:fc:57:f1:ca:
+         34:72:6b:07:37:82:d0:b8:89:a4:6d:eb:4a:2e:c5:7c:f6:eb:
+         bf:40:84:5d:56:0c:77:c8:79:f6:28:6c:86:50:ad:0b:d4:99:
+         58:ec:da:b3:ad:e0:55:93:b6:be:2f:4a:29:dd:4c:f4:41:85:
+         41:59:ba:3f:0a:3d:ce:c5:66:c6:41:c6:b0:94:f5:f9:f9:e9:
+         ff:85:c4:df:f7:36:33:7e:80:fc:b6:89:cc:d8:72:c8:2f:ae:
+         49:80:c7:65:c2:ec:5b:31:c1:ed:da:76:39:92:bf:cb:d9:8a:
+         ef:44:7c:a3:e3:ae:db:17:19:4d:7e:4e:e5:61:09:bc:18:b8:
+         c4:09:b7:46:d8:0f:f9:6f:d8:60:ec:ec:a5:51:28:a7:06:83:
+         bd:5d:39:76:aa:26:cc:b1:d0:ac:f4:ad:88:40:0d:8b:73:32:
+         62:a8:5e:47:12:99:6c:a1:6a:25:a3:f4:62:45:5e:89:36:d4:
+         17:ed:e4:54:cf:1d:6a:67:19:67:eb:4e:64:83:7b:5b:67:e4:
+         a4:e5:26:1d:0e:56:4f:7f:b7:32:19:44:85:fe:ba:ae:58:d4:
+         e3:ed:a5:71
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIDBikQMA0GCSqGSIb3DQEBCwUAMH4xHDAaBgNVBAMTE2lu
+dGVybWVkaWF0ZS1zZXJ2ZXIxFDASBgNVBAsTC1J1YnkgRHJpdmVyMRAwDgYDVQQK
+EwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcg
+WW9yazELMAkGA1UEBhMCVVMwHhcNMTkwNTMwMjIyODA0WhcNMzkwNTMwMjIyODA0
+WjB0MRIwEAYDVQQDEwlsb2NhbGhvc3QxFDASBgNVBAsTC1J1YnkgRHJpdmVyMRAw
+DgYDVQQKEwdNb25nb0RCMRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQI
+EwhOZXcgWW9yazELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCUmlD5vGg5aONUHUjZg7d/jFnNVI26rxPvJaWdxNYK9BDE7ue1YIGD
+Xz+IvWPXOWiNK9aFqPZKblJs8QNxpy4v4oBqw1qUenAsX6HqF+XbVCR10zqNgyKW
+diGftVH/uE0zuGw5u2iYcVC1QWe99Xb4SR5Y/tekVMEVJbEkLyDqVqQpL4P0wqkT
+EqHzm56VbSXEv9l0D9Mfeof3qPiCiw1P6FtuMgDg6Io1kXWCVjd/9atdD3+5YWIT
+5DhE+DtY+Ycjaqp5z2vfUitADE0SsISsQPNu8Q83I/BUfPXjuAsgdyfvfyq/IO4G
+UCULQlcaRcqiZXHhv13xeW9mPSIoudmTAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxv
+Y2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAii1ko5IwMYy4UI0gnyTp
+Yo+Y5GtLdTuQ+1GzZXmoX6z8V/HKNHJrBzeC0LiJpG3rSi7FfPbrv0CEXVYMd8h5
+9ihshlCtC9SZWOzas63gVZO2vi9KKd1M9EGFQVm6Pwo9zsVmxkHGsJT1+fnp/4XE
+3/c2M36A/LaJzNhyyC+uSYDHZcLsWzHB7dp2OZK/y9mK70R8o+Ou2xcZTX5O5WEJ
+vBi4xAm3RtgP+W/YYOzspVEopwaDvV05dqomzLHQrPStiEANi3MyYqheRxKZbKFq
+JaP0YkVeiTbUF+3kVM8damcZZ+tOZIN7W2fkpOUmHQ5WT3+3MhlEhf66rljU4+2l
+cQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAlJpQ+bxoOWjjVB1I2YO3f4xZzVSNuq8T7yWlncTWCvQQxO7n
+tWCBg18/iL1j1zlojSvWhaj2Sm5SbPEDcacuL+KAasNalHpwLF+h6hfl21QkddM6
+jYMilnYhn7VR/7hNM7hsObtomHFQtUFnvfV2+EkeWP7XpFTBFSWxJC8g6lakKS+D
+9MKpExKh85uelW0lxL/ZdA/TH3qH96j4gosNT+hbbjIA4OiKNZF1glY3f/WrXQ9/
+uWFiE+Q4RPg7WPmHI2qqec9r31IrQAxNErCErEDzbvEPNyPwVHz147gLIHcn738q
+vyDuBlAlC0JXGkXKomVx4b9d8XlvZj0iKLnZkwIDAQABAoIBAQCSQhwG4KgYMSLl
+q/kClQBrGkFctabVIfJVw1DxKkWc/EDxA06tFvIB0iJfPEBjGY7Mu2Plo7nc4h5g
+OQqxtuDfomfQLLwfPS7gjbN4CtNh/rvv99k+ZN4LBvPrE/RD4yqhCBgE7m5w876C
+13/61/ijQJwM7a5igESVwsZJndUgrmg5m358QaMCi11upkhk3MnYK93P4S3RTaBs
+pzxjSAbgMJ7vD7NUSe1oXKMBNNMgLbQumOp00q8tsZAOToSGYOQI69q3pONRaB+e
+rrdu7qyDUBQHgZVB+bahtYmpHa0IxVOqAsZqfXNyPDgPRkRDkaoR8pTHbKX6a+a9
+7Gr3ISe5AoGBAOAU94g04TBypSeiufE+4cB5+rXjmYIlTMs0x6KHunZr0XpRlMPv
+y4upZQ+O4eo5rrEc0nAaHP/XvNfcogYzyy4qg7DrGl2Px4+iuoGvj5o/0wILZ2Hy
+ZnWlmJiMctn9Z+MUhMNfLxjEzSly3Y+nZkMYLzNoIgdcqk9jjnw2d3lvAoGBAKnF
+CsY7LNySixPHHAfCQt3rkEEvPQMMPStNp6ct84StYJyCGyOUyjLBjcBrq4/tOc/D
+fpoJDBUMUJj9yrVp3he3x00cXAoneX2ED4jnNMMPm84blr02hSCwU/1ldyKDm34/
+OXlym0UF0nYB2f3hrrwBTic5y2L90PdGfBUD5GgdAoGAcO2gIeCkbEoauXLkypOq
+KdpPY0MkpdYucWpUAbDtY6jKlR5wHp7GscfYypJzgBs50sB3vU8rtjP/U7o5XW7U
+wptiatLRIr3HELgtzhWwBUiNCsa8fzwuLrQZxydg6kMvC93XWq6piY4E5xKgXjk6
+7C1P/FRKcfNdUU0XDbpVU7kCgYBWsbu1zSQ0o1UITYZf4/D3mMK6tt/GParDAU3b
+DpkrqMoMQliPi/zRfIvhtloPDoqWMXPmPzZ/TSGfbwLkL2Lt47iQBSpvOQdOdHDm
+bYNBFShwUSBiEYRcVA8f+H+lDWYLS0gTX9Ywoi9+eaWTg3sSoOwDFf1p2MmsbL8S
+kEFEdQKBgCmc/NESy29MO3j8tH63UbdmD7BeHA36KNmRFzosE9O62eM5xcWsUeE0
+Xd1vC0V8R9J4sF7ZcwfI9q/XW5I6wW4aKWlwCa1yx7A39Ea9UjiASmY7+hx3vn0z
+4XAfT1HvR2ohvZYmhm1HAuYWuUvphquFrOXCxuycAvgcaXQBKR0L
+-----END RSA PRIVATE KEY-----

data/spec/support/certificates/server.pem

@@ -1,3 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 210471 (0x33627)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN = Ruby Driver CA, OU = Drivers, O = MongoDB, L = New York City, ST = New York, C = US
+        Validity
+            Not Before: Feb 14 20:57:50 2019 GMT
+            Not After : Feb 14 20:57:50 2039 GMT
+        Subject: CN = localhost, OU = Drivers, O = MongoDB, L = New York City, ST = New York, C = US
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d3:29:70:81:e1:41:92:c0:cc:9b:92:0c:a9:17:
+                    02:95:2e:55:0d:80:f3:2e:5d:27:24:db:4f:a6:6a:
+                    a9:ce:66:bd:4e:7c:eb:01:04:28:68:11:40:39:0e:
+                    ff:67:ba:4c:fe:05:7f:cb:e1:37:33:36:1e:a4:ee:
+                    62:02:6b:a6:d1:b3:24:de:a5:1f:34:1c:b2:f1:c8:
+                    04:09:09:fe:28:e0:23:ef:7d:47:1b:55:b5:ce:41:
+                    0d:4a:55:3c:65:19:f1:c5:56:69:d3:17:1a:cc:43:
+                    26:23:22:d3:f8:0c:85:21:9b:6e:fd:9e:bb:b1:19:
+                    db:d8:10:74:7b:0f:f2:c6:b3:0a:d0:83:c6:48:c3:
+                    99:71:f8:49:cf:f3:99:5b:eb:a1:c0:e9:6c:e8:a6:
+                    84:ac:2e:1f:56:c2:1f:02:90:be:5e:ee:b7:b5:7d:
+                    9b:5f:c2:76:23:c0:d8:8d:1b:52:f7:0d:21:1e:aa:
+                    22:08:48:2f:ce:b4:a2:d4:92:fa:58:14:35:77:b2:
+                    20:9e:52:b6:32:7b:b0:8a:49:33:83:52:57:ba:8e:
+                    d9:12:8a:4d:54:f3:0e:26:c2:8b:c9:28:83:1a:34:
+                    a1:a1:ee:b8:47:1e:d4:9d:b4:2e:90:15:c1:ef:a3:
+                    c6:9f:7b:2d:37:08:8b:3a:4a:f5:25:58:87:60:7f:
+                    d7:ab
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
+    Signature Algorithm: sha256WithRSAEncryption
+         83:4c:55:bb:f9:09:c9:db:6e:ca:2b:91:36:78:f9:2e:26:5a:
+         b0:4f:1b:2c:61:45:dc:c8:3b:7c:3d:31:b5:78:01:a1:07:2c:
+         c6:d4:05:d9:61:d2:23:74:89:0c:50:8c:a1:86:94:a9:95:4c:
+         0e:01:3d:60:3e:5a:79:24:09:41:80:63:59:d4:b1:85:bf:2e:
+         c3:f0:e8:40:b4:56:01:1f:4b:79:69:f1:54:f9:97:b9:46:b5:
+         6f:d1:56:a0:f1:de:5f:7e:03:61:53:ff:6a:fc:b3:d6:ea:ab:
+         80:1c:24:89:a1:64:41:62:53:50:f1:74:02:36:04:22:37:8a:
+         d8:10:85:af:6b:3a:00:34:d6:13:7a:2e:de:24:ed:ef:e7:7f:
+         ac:f9:12:70:8e:d7:b2:5b:c1:ab:5a:9d:7d:8a:76:e9:9c:54:
+         4e:6d:ed:41:d5:00:bf:14:b9:d1:1a:d0:42:81:ab:04:1f:84:
+         0d:ba:f8:40:eb:b8:88:40:82:75:2d:9e:94:51:e3:fb:21:b0:
+         9a:55:9e:84:b4:5e:a7:e3:cb:b3:6c:0c:15:56:af:7d:6e:ad:
+         13:90:29:30:c7:ed:68:3f:b3:9e:ae:3c:30:e1:8b:39:3a:41:
+         42:24:34:76:90:49:d6:51:3d:ee:86:85:3d:fb:dd:e1:f2:37:
+         a3:13:c1:e5
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIDAzYnMA0GCSqGSIb3DQEBCwUAMHUxFzAVBgNVBAMTDlJ1
+YnkgRHJpdmVyIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdNb25nb0RC
+MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG
+A1UEBhMCVVMwHhcNMTkwMjE0MjA1NzUwWhcNMzkwMjE0MjA1NzUwWjBwMRIwEAYD
+VQQDEwlsb2NhbGhvc3QxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdv
+REIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQsw
+CQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMpcIHh
+QZLAzJuSDKkXApUuVQ2A8y5dJyTbT6Zqqc5mvU586wEEKGgRQDkO/2e6TP4Ff8vh
+NzM2HqTuYgJrptGzJN6lHzQcsvHIBAkJ/ijgI+99RxtVtc5BDUpVPGUZ8cVWadMX
+GsxDJiMi0/gMhSGbbv2eu7EZ29gQdHsP8sazCtCDxkjDmXH4Sc/zmVvrocDpbOim
+hKwuH1bCHwKQvl7ut7V9m1/CdiPA2I0bUvcNIR6qIghIL860otSS+lgUNXeyIJ5S
+tjJ7sIpJM4NSV7qO2RKKTVTzDibCi8kogxo0oaHuuEce1J20LpAVwe+jxp97LTcI
+izpK9SVYh2B/16sCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAAB
+hxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQCDTFW7+QnJ227K
+K5E2ePkuJlqwTxssYUXcyDt8PTG1eAGhByzG1AXZYdIjdIkMUIyhhpSplUwOAT1g
+Plp5JAlBgGNZ1LGFvy7D8OhAtFYBH0t5afFU+Ze5RrVv0Vag8d5ffgNhU/9q/LPW
+6quAHCSJoWRBYlNQ8XQCNgQiN4rYEIWvazoANNYTei7eJO3v53+s+RJwjteyW8Gr
+Wp19inbpnFRObe1B1QC/FLnRGtBCgasEH4QNuvhA67iIQIJ1LZ6UUeP7IbCaVZ6E
+tF6n48uzbAwVVq99bq0TkCkwx+1oP7Oerjww4Ys5OkFCJDR2kEnWUT3uhoU9+93h
+8jejE8Hl
+-----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEA0ylwgeFBksDMm5IMqRcClS5VDYDzLl0nJNtPpmqpzma9Tnzr
 AQQoaBFAOQ7/Z7pM/gV/y+E3MzYepO5iAmum0bMk3qUfNByy8cgECQn+KOAj731H
@@ -25,25 +99,3 @@ vYiXowKBgQDVcwEyiBFY2sdwMQJ8jyHwJxcGzp7M2eDfbBOXhA2vnMM0M2J1PyxR
 VM9cElyyX5/KsdnmIRCa/GpTm5Fuuua9pG3geB2z+Gxq+9wccc/72MQfX1GoYWc8
 StVxFy3oAncFNiXtgew++P/8ANZiABBXU4aG13iLJotQkXjO2okqBA==
 -----END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIDAzYnMA0GCSqGSIb3DQEBCwUAMHUxFzAVBgNVBAMTDlJ1
-YnkgRHJpdmVyIENBMRAwDgYDVQQLEwdEcml2ZXJzMRAwDgYDVQQKEwdNb25nb0RC
-MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG
-A1UEBhMCVVMwHhcNMTkwMjE0MjA1NzUwWhcNMzkwMjE0MjA1NzUwWjBwMRIwEAYD
-VQQDEwlsb2NhbGhvc3QxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01vbmdv
-REIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQsw
-CQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMpcIHh
-QZLAzJuSDKkXApUuVQ2A8y5dJyTbT6Zqqc5mvU586wEEKGgRQDkO/2e6TP4Ff8vh
-NzM2HqTuYgJrptGzJN6lHzQcsvHIBAkJ/ijgI+99RxtVtc5BDUpVPGUZ8cVWadMX
-GsxDJiMi0/gMhSGbbv2eu7EZ29gQdHsP8sazCtCDxkjDmXH4Sc/zmVvrocDpbOim
-hKwuH1bCHwKQvl7ut7V9m1/CdiPA2I0bUvcNIR6qIghIL860otSS+lgUNXeyIJ5S
-tjJ7sIpJM4NSV7qO2RKKTVTzDibCi8kogxo0oaHuuEce1J20LpAVwe+jxp97LTcI
-izpK9SVYh2B/16sCAwEAAaMwMC4wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/AAAB
-hxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IBAQCDTFW7+QnJ227K
-K5E2ePkuJlqwTxssYUXcyDt8PTG1eAGhByzG1AXZYdIjdIkMUIyhhpSplUwOAT1g
-Plp5JAlBgGNZ1LGFvy7D8OhAtFYBH0t5afFU+Ze5RrVv0Vag8d5ffgNhU/9q/LPW
-6quAHCSJoWRBYlNQ8XQCNgQiN4rYEIWvazoANNYTei7eJO3v53+s+RJwjteyW8Gr
-Wp19inbpnFRObe1B1QC/FLnRGtBCgasEH4QNuvhA67iIQIJ1LZ6UUeP7IbCaVZ6E
-tF6n48uzbAwVVq99bq0TkCkwx+1oP7Oerjww4Ys5OkFCJDR2kEnWUT3uhoU9+93h
-8jejE8Hl
------END CERTIFICATE-----

data/spec/support/constraints.rb

@@ -72,7 +72,7 @@ module Constraints
     require_topology :replica_set
   end
 
-  def require_ssl
+  def require_tls
     before do
       unless SpecConfig.instance.ssl?
         skip "SSL not enabled"
@@ -80,7 +80,7 @@ module Constraints
     end
   end
 
-  def require_no_ssl
+  def require_no_tls
     before do
       if SpecConfig.instance.ssl?
         skip "SSL enabled"
@@ -89,11 +89,7 @@ module Constraints
   end
 
   def require_local_tls
-    before do
-      unless SpecConfig.instance.ssl? && !SpecConfig.instance.ci?
-        skip 'Not running locally with TLS enabled'
-      end
-    end
+    require_tls
   end
 
   def require_no_retry_writes

data/spec/support/spec_config.rb

@@ -4,6 +4,7 @@ class SpecConfig
   include Singleton
 
   def initialize
+    @uri_options = {}
     if ENV['MONGODB_URI']
       @mongodb_uri = Mongo::URI.new(ENV['MONGODB_URI'])
       @uri_options = Mongo::Options::Mapper.transform_keys_to_symbols(@mongodb_uri.uri_options)
@@ -37,6 +38,14 @@ class SpecConfig
       end
     end
 
+    @uri_tls_options = {}
+    @uri_options.each do |k, v|
+      k = k.to_s.downcase
+      if k.start_with?('ssl')
+        @uri_tls_options[k] = v
+      end
+    end
+
     if @addresses.nil?
       # Discover deployment topology
       if @mongodb_uri
@@ -188,33 +197,91 @@ EOT
   end
 
   def ssl_certs_dir
-    "#{spec_root}/support/certificates"
+    Pathname.new("#{spec_root}/support/certificates")
   end
 
-  def client_cert_pem
-    if drivers_tools?
-      ENV['DRIVER_TOOLS_CLIENT_CERT_PEM']
+  # TLS certificates & keys
+
+  def local_client_key_path
+    "#{ssl_certs_dir}/client.key"
+  end
+
+  def client_key_path
+    if drivers_tools? && ENV['DRIVER_TOOLS_CLIENT_KEY_PEM']
+      ENV['DRIVER_TOOLS_CLIENT_KEY_PEM']
     else
-      "#{ssl_certs_dir}/client_cert.pem"
+      local_client_key_path
     end
   end
 
-  def client_key_pem
-    if drivers_tools?
-      ENV['DRIVER_TOOLS_CLIENT_KEY_PEM']
+  def local_client_cert_path
+    "#{ssl_certs_dir}/client.crt"
+  end
+
+  def client_cert_path
+    if drivers_tools? && ENV['DRIVER_TOOLS_CLIENT_CERT_PEM']
+      ENV['DRIVER_TOOLS_CLIENT_CERT_PEM']
     else
-      "#{ssl_certs_dir}/client_key.pem"
+      local_client_cert_path
     end
   end
 
-  def client_cert_key_pem
-    if drivers_tools?
+  def local_client_pem_path
+    "#{ssl_certs_dir}/client.pem"
+  end
+
+  def client_pem_path
+    if drivers_tools? && ENV['DRIVER_TOOLS_CLIENT_CERT_KEY_PEM']
       ENV['DRIVER_TOOLS_CLIENT_CERT_KEY_PEM']
     else
-      "#{ssl_certs_dir}/client.pem"
+      local_client_pem_path
+    end
+  end
+
+  def second_level_cert_path
+    "#{ssl_certs_dir}/client-second-level.crt"
+  end
+
+  def second_level_key_path
+    "#{ssl_certs_dir}/client-second-level.key"
+  end
+
+  def second_level_cert_bundle_path
+    "#{ssl_certs_dir}/client-second-level-bundle.pem"
+  end
+
+  def local_client_encrypted_key_path
+    "#{ssl_certs_dir}/client-encrypted.key"
+  end
+
+  def client_encrypted_key_path
+    if drivers_tools? && ENV['DRIVER_TOOLS_CLIENT_KEY_ENCRYPTED_PEM']
+      ENV['DRIVER_TOOLS_CLIENT_KEY_ENCRYPTED_PEM']
+    else
+      local_client_encrypted_key_path
+    end
+  end
+
+  def client_encrypted_key_passphrase
+    'passphrase'
+  end
+
+  def local_ca_cert_path
+    "#{ssl_certs_dir}/ca.crt"
+  end
+
+  def ca_cert_path
+    if drivers_tools? && ENV['DRIVER_TOOLS_CA_PEM']
+      ENV['DRIVER_TOOLS_CA_PEM']
+    else
+      local_ca_cert_path
     end
   end
 
+  def multi_ca_path
+    "#{ssl_certs_dir}/multi-ca.crt"
+  end
+
   # The default test database for all specs.
   def test_db
     'ruby-driver'.freeze
@@ -234,10 +301,11 @@ EOT
     if ssl?
       {
         ssl: true,
-        ssl_verify: false,
-        ssl_cert:  client_cert_pem,
-        ssl_key:  client_key_pem,
-      }
+        ssl_verify: true,
+        ssl_cert:  client_cert_path,
+        ssl_key:  client_key_path,
+        ssl_ca_cert: ca_cert_path,
+      }.merge(@uri_tls_options)
     else
       {}
     end