author | Sara Golemon <sara.golemon@mongodb.com> | 2019-02-12 00:40:39 +0000 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2019-02-12 23:10:06 +0000 |
commit | 2c65bbe94d04ac0fa62f4fc51a2ece2e748de739 (patch) | |
tree | f7a967c67b6ddf1114c4d9c95d49aef8c5e3a69d | |
parent | d7fcc8ab5b3455ab5530969edc8383929bed07f7 (diff) | |
SERVER-39376 Canonicalize net.ssl.mode to net.tls.mode
-rw-r--r-- | jstests/ssl/canonicalize_command_line_opts.js | 39 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_server.cpp | 17 |
2 files changed, 56 insertions, 0 deletions
diff --git a/jstests/ssl/canonicalize_command_line_opts.js b/jstests/ssl/canonicalize_command_line_opts.js
new file mode 100644
index 00000000000..c2c2c96bcf1
--- /dev/null
+++ b/jstests/ssl/canonicalize_command_line_opts.js
@@ -0,0 +1,39 @@
+// Ensure that all 'ssl' options are canonicalized to their modern 'tls' versions.
+
+(function() {
+ 'use strict';
+
+ function runTest(mongod) {
+ assert(mongod);
+ const admin = mongod.getDB('admin');
+
+ const opts = assert.commandWorked(admin.runCommand({getCmdLineOpts: 1}));
+ print(tojson(opts));
+ assert.eq(typeof(opts), 'object');
+ assert.eq(typeof(opts.parsed), 'object');
+ assert.eq(typeof(opts.parsed.net), 'object');
+
+ const net = opts.parsed.net;
+ assert.eq(typeof(net.ssl), 'undefined');
+ assert.eq(typeof(net.tls), 'object');
+
+ const tls = net.tls;
+ assert.eq(tls.mode, 'requireTLS');
+ assert.eq(tls.CAFile, 'jstests/libs/ca.pem');
+ assert.eq(tls.certificateKeyFile, 'jstests/libs/server.pem');
+ assert.eq(tls.allowConnectionsWithoutCertificates, true);
+ assert.eq(tls.allowInvalidHostnames, true);
+ }
+
+ const options = {
+ sslMode: 'requireSSL',
+ sslCAFile: 'jstests/libs/ca.pem',
+ sslPEMKeyFile: 'jstests/libs/server.pem',
+ sslAllowConnectionsWithoutCertificates: '',
+ sslAllowInvalidHostnames: '',
+ };
+
+ const mongod = MongoRunner.runMongod(options);
+ runTest(mongod);
+ MongoRunner.stopMongod(mongod);
+})();
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp
index 25111c0550e..8fdadd085b4 100644
--- a/src/mongo/util/net/ssl_options_server.cpp
+++ b/src/mongo/util/net/ssl_options_server.cpp 
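Review bot: The test pins only the `requireSSL` to `requireTLS` mapping, so the other legacy mode values the server-side rewrite has to handle (`allowSSL`, `preferSSL`, and `disabled`, which must pass through unchanged) are never exercised. Consider passing the expected value into `runTest` and starting mongod once per mode that can start with this certificate setup, replacing the hard-coded check with `assert.eq(tls.mode, expectedMode);`. A failed assertion inside `runTest` also throws before `MongoRunner.stopMongod(mongod)` runs, so a `try { runTest(mongod); } finally { MongoRunner.stopMongod(mongod); }` wrapper would keep a failing run from leaving the server process behind.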
@@ -272,6 +272,23 @@ Status canonicalizeSSLServerOptions(moe::Environment* params) { } } + if (params->count("net.ssl.mode")) { + auto mode = (*params)["net.ssl.mode"].as<std::string>(); + auto ret = params->remove("net.ssl.mode"); + if (!ret.isOK()) { + return ret; + } + + if (StringData(mode).endsWith("SSL")) { + mode.replace(mode.size() - 3, 3, "TLS"); + } + + ret = params->set("net.tls.mode", moe::Value(mode)); + if (!ret.isOK()) { + return ret; + } + } + return Status::OK(); } |
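Review bot: When both `net.ssl.mode` and `net.tls.mode` are present (for example one from a config file and the other from the command line), the `params->set("net.tls.mode", ...)` call appears to overwrite the explicitly configured TLS mode with the converted legacy value, which could silently weaken transport security, e.g. `requireTLS` replaced by `allowTLS`. Unless the option registration already rejects that combination, which this hunk does not show, fail fast before the `remove`: `if (params->count("net.tls.mode")) { return Status(ErrorCodes::BadValue, "net.ssl.mode and net.tls.mode cannot both be set"); }`. Values that do not end in `SSL` are copied through unchanged, so correctness relies on `net.tls.mode` being validated later; a one-line comment above the `endsWith` check saying so would help the next reader. The body of `canonicalizeSSLServerOptions` begins outside the hunk, so earlier handling of these keys is not visible here.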