authorShreyas Kalyan <shreyaskalyan@gmail.com>2018-09-17 14:13:48 -0400
committerShreyas Kalyan <shreyaskalyan@gmail.com>2018-09-17 14:13:48 -0400
commit5bc4d3a0dcf8b0f0a6da7b1ca6c9fb02a3daba5d (patch)
tree7effd533dff686f8be4b12d3767d7684df318301
parent78ad7b65931e1133b78e38d96ba0ded319757387 (diff)
updates to some codeSERVER-36895
-rw-r--r--jstests/ssl/ssl_x509_SAN.js3
-rw-r--r--src/mongo/util/net/ssl_manager_apple.cpp2
-rw-r--r--src/mongo/util/net/ssl_manager_openssl.cpp5
-rw-r--r--src/mongo/util/net/ssl_manager_windows.cpp4
4 files changed, 9 insertions, 5 deletions
diff --git a/jstests/ssl/ssl_x509_SAN.js b/jstests/ssl/ssl_x509_SAN.js
index 3d0a9886193..0896d5caf0c 100644
--- a/jstests/ssl/ssl_x509_SAN.js
+++ b/jstests/ssl/ssl_x509_SAN.js
@@ -4,7 +4,7 @@ load('jstests/ssl/libs/ssl_helpers.js');
"use strict";
const SERVER1_CERT = "jstests/libs/server_SAN.pem";
- const SERVER2_CERT = "jstests/libs/server_SAN2.pem"
+ const SERVER2_CERT = "jstests/libs/server_SAN2.pem";
const CA_CERT = "jstests/libs/ca.pem";
const CLIENT_CERT = "jstests/libs/client_SAN.pem";
@@ -62,7 +62,6 @@ load('jstests/ssl/libs/ssl_helpers.js');
print("1. Testing x.509 auth to mongod");
{
let mongo = MongoRunner.runMongod(x509_options);
- print("MMONGONSDOJNFOSNDF")
authAndTest(mongo.port);
MongoRunner.stopMongod(mongo);
}
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index 0bbc2b47429..3d53297aa19 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1479,7 +1479,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerApple::parseAndValidatePeerCe
if (!sanMatch && !cnMatch) {
const auto msg = certErr.str();
- if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHostName)) {
+ if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)) {
warning() << msg;
} else {
error() << msg;
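Review bot: The condition on the changed line lets a hostname mismatch pass with only a warning whenever `isUnixDomainSocket(remoteHost)` is true, and nothing nearby says why that case is exempt. A short comment above the `if` would help, for example `// Unix domain sockets carry no DNS name to verify, so a mismatch is logged but not enforced.` It is also worth confirming that `remoteHost` is always the locally configured connect target and never a value taken from the peer, since that is what would make the exemption safe; the hunk does not show where it comes from. The same condition appears in the last hunk of ssl_manager_openssl.cpp, and the function body continues outside this hunk.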
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index fe86588cd85..4b9ce8e37fe 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -1384,7 +1384,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerOpenSSL::parseAndValidatePeer
sanMatch = true;
break;
}
- certificateNames << std::string(dnsName) << " ";
+ certificateNames << std::string(dnsName) << ", ";
} else if (currentName && currentName -> type == GEN_IPADD) {
std::string ipAddress (reinterpret_cast<char*>(ASN1_STRING_data(currentName->d.iPAddress)));
auto swCIDRIPAddress = CIDR::parse(ipAddress);
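Review bot: `ipAddress` is built from `ASN1_STRING_data(currentName->d.iPAddress)` with the C-string constructor, but an iPAddress SAN is a 4- or 16-byte binary value, so the string stops at the first zero octet (10.0.0.1 keeps only one byte) and relies on a trailing NUL that is not part of the value. The text-oriented `CIDR::parse(ipAddress)` is then given raw octets, and the line added in the next hunk, `certificateNames << std::string(ipAddress) << ", ";`, writes those bytes into the mismatch message that goes to the log. Take the length from `ASN1_STRING_length(currentName->d.iPAddress)`, accept only 4 or 16, and convert to a textual address (for example with `inet_ntop`) before parsing or logging. The enclosing loop starts outside this hunk.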
@@ -1395,6 +1395,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerOpenSSL::parseAndValidatePeer
sanMatch = true;
break;
}
+ certificateNames << std::string(ipAddress) << ", ";
}
}
sk_GENERAL_NAME_pop_free(sanNames, GENERAL_NAME_free);
@@ -1418,7 +1419,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerOpenSSL::parseAndValidatePeer
msgBuilder << "The server certificate does not match the host name. Hostname: "
<< remoteHost << " does not match " << certificateNames.str();
std::string msg = msgBuilder.str();
- if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHostName)) {
+ if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)) {
warning() << msg;
} else {
error() << msg;
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp
index 7ac11406796..ad026f67dfe 100644
--- a/src/mongo/util/net/ssl_manager_windows.cpp
+++ b/src/mongo/util/net/ssl_manager_windows.cpp
@@ -59,6 +59,7 @@
#include "mongo/util/net/ssl_types.h"
#include "mongo/util/text.h"
#include "mongo/util/uuid.h"
+#include "mongo/base/data_range.h"
namespace mongo {
@@ -1518,6 +1519,9 @@ StatusWith<std::vector<std::string>> getSubjectAlternativeNames(PCCERT_CONTEXT c
for (size_t i = 0; i < altNames->cAltEntry; i++) {
if (altNames->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) {
names.push_back(toUtf8String(altNames->rgAltEntry[i].pwszDNSName));
+ } else if (altNames->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) {
+ auto ip_struct = altNames->rgAltEntry[i].IPAddress;
+
}
}
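Review bot: The new `CERT_ALT_NAME_IP_ADDRESS` branch copies the entry into `ip_struct` and then does nothing with it, so IP-address SANs are still never added to `names` on Windows. A certificate that identifies the server only by IP would presumably still fail the hostname check here, while the OpenSSL path attempts to match it. Either finish the branch (check that `IPAddress.cbData` is 4 or 16, format `IPAddress.pbData` as a textual address and `push_back` it) or drop the branch until it is implemented. The `#include "mongo/base/data_range.h"` added in the previous hunk is not used by anything visible in this diff and sits out of alphabetical order after `mongo/util/uuid.h`. The function continues outside the hunk.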