DOCSP-31483: tls cert files read async v6 (#736)

rustagir · web-flow · commit 5e7ec535794d · 2023-08-09T12:59:03.000-04:00
* DOCSP-31483: tls cert files read async * CC PR suggestions
diff --git a/source/fundamentals/connection/connection-options.txt b/source/fundamentals/connection/connection-options.txt
@@ -226,32 +226,40 @@ parameters of the connection URI to specify the behavior of the client.
      - ``false``
      - Specifies whether TLS is required for connections to the server.
        Using a ``srvServiceName`` of  ``"mongodb+srv"``, or specifying other
-       ``tls`` prefixed options will default ``tls`` to ``true``.
+       ``tls``-prefixed options implicitly sets the value of ``tls`` to
+       ``true``.
 
    * - **tlsAllowInvalidCertificates**
      - boolean
      - ``false``
      - Specifies whether the driver should error when the server’s
-       TLS certificate is invalid.
+       TLS certificate is invalid. You should only set this option to
+       ``true`` for testing purposes.
 
    * - **tlsAllowInvalidHostnames**
      - boolean
      - ``false``
      - Specifies whether the driver should error when there is a mismatch
        between the server’s hostname and the hostname specified by the
-       TLS certificate.
+       TLS certificate. You should only set this option to
+       ``true`` for testing purposes.
 
    * - **tlsCAFile**
      - string
      - ``null``
      - Specifies the path to a file with either a single or bundle of certificate
-       authorities to trust when making a TLS connection.
+       authorities to trust when making a TLS connection. To learn more
+       about setting this connection option, see the :ref:`Provide
+       Certificate Filepaths <node-tls-filepaths>` section of the TLS guide.
 
    * - **tlsCertificateKeyFile**
      - string
      - ``null``
      - Specifies the path to the client certificate file or the client
-       private key file. If you need both, you must concatenate the files.
+       private key file. If you need both, you must concatenate the
+       files. To learn more about setting this connection option, see
+       the :ref:`Provide Certificate Filepaths <node-tls-filepaths>`
+       section of the TLS guide.
 
    * - **tlsCertificateKeyFilePassword**
      - string
@@ -263,7 +271,8 @@ parameters of the connection URI to specify the behavior of the client.
      - boolean
      - ``false``
      - Specifies to relax TLS constraints as much as possible, such as
-       allowing invalid certificates or hostname mismatches.
+       allowing invalid certificates or hostname mismatches. You should
+       only set this option to ``true`` for testing purposes.
 
    * - **w**
      - non-negative integer or string
diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt
@@ -182,11 +182,15 @@ To learn more about the ``createSecureContext()`` method and the
 For a runnable example that uses a ``SecureContext`` object, see
 the :ref:`SecureContext Example <node-securecontext-full-example>`.
 
+.. _node-tls-filepaths:
+
 Provide Certificate Filepaths
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 You can include the filepaths for your certificates as client options to
-retrieve your certificates while connecting with TLS.
+retrieve your certificates while connecting with TLS. The driver reads
+these files when you call the ``connect()`` method on your
+``MongoClient`` instance.
 
 The following code shows how to provide certificate filepaths as options
 in your ``MongoClient``:
diff --git a/source/upgrade.txt b/source/upgrade.txt
@@ -66,6 +66,10 @@ Version 6.x Breaking Changes
   ``tlsCertificateFile`` option in the ``MongoClientOptions`` type.
   Create a ``SecureContext`` object or set the ``tls``-prefixed options
   in your ``MongoClientOptions`` instance instead.
+- The driver reads files set in the ``tlsCAFile`` and
+  ``tlsCertificateKeyFile`` connection options when you call the
+  ``MongoClient.connect()`` method, not when you create the
+  ``MongoClient`` instance.
 
 .. _node-breaking-changes-v5.x:
 
diff --git a/source/whats-new.txt b/source/whats-new.txt
@@ -79,6 +79,11 @@ The {+driver-short+} v6.0 release includes the following features:
   - ``maxIdleTimeMS``
   - ``waitQueueTimeoutMS``
 
+- The driver asynchronously reads files set in the ``tlsCAFile`` and
+  ``tlsCertificateKeyFile`` connection options when you call
+  the ``MongoClient.connect()`` method, not when you create a
+  ``MongoClient`` instance.
+
 .. _version-5.7:
 
 What's New in 5.7
