--gen-certs option

[p-mongo]

This is a work in progress implementation of #127 / #667 .

Currently --gen-certs will 1) make one cert and 2) tell mongod to use it. The server must be launched with --sslAllowConnectionsWithoutCertificates and the client must be launched with --sslAllowInvalidCertificates (and --ssl).

TODO (which I may or may not be doing immediately):

1. Make a client cert also, to be able to run the client without --sslAllowInvalidCertificates.
2. Figure out how this plays with cluster auth and cert auth.

[p-mongo]

@rueckstiess Any thoughts on this PR?

[stennie]

@p-mongo Apologies for the delay in feedback. We had some private discussion when you posted the original WIP but neglected to comment on the issue.

We thought generating self-signed certificates (with associated forced options) might be feature creep, but if this works cross-platform it could be handy. Can you add usage instructions to docs/mlaunch.rst?

Regards,
Stennie

[p-mongo]

I have since figured out how to use test certificates in the driver (https://github.com/mongodb/mongo-ruby-driver/tree/master/spec#tls-with-verification) therefore I am also fine with not making the change proposed in this PR.

[stennie]

@p-mongo OK, will close this for now.