diff options
| author | Amalia Hawkins <amalia.hawkins@10gen.com> | 2014-09-08 15:18:34 -0400 |
|---|---|---|
| committer | Amalia Hawkins <amalia.hawkins@10gen.com> | 2014-09-11 16:02:49 -0400 |
| commit | 4c429ebe0a44521a293103c8e3b2fb90f14f056e (patch) | |
| tree | 7a4d60ade894c0cd0a5ede99a6abed0fd58f4e52 | |
| parent | f5f42d6c684b8e779aef6889b800235d7417afcb (diff) | |
| download | mongo-4c429ebe0a44521a293103c8e3b2fb90f14f056e.tar.gz | |
SERVER-14977: add new alias for sslWeakCertificateValidation option
| -rw-r--r-- | jstests/ssl/ssl_weak.js | 7 | ||||
| -rw-r--r-- | src/mongo/util/net/ssl_options.cpp | 9 |
2 files changed, 12 insertions, 4 deletions
diff --git a/jstests/ssl/ssl_weak.js b/jstests/ssl/ssl_weak.js index b66429b0ed4..d18500842a2 100644 --- a/jstests/ssl/ssl_weak.js +++ b/jstests/ssl/ssl_weak.js @@ -6,13 +6,13 @@ ports = allocatePorts( 2 ); var baseName = "jstests_ssl_ssl_weak"; -// Test that connecting with no client certificate and --sslWeakCertificateValidation connects -// successfully. +// Test that connecting with no client certificate and --sslAllowConnectionsWithoutCertificates +// (an alias for sslWeakCertificateValidation) connects successfully. var md = startMongod( "--port", ports[0], "--dbpath", MongoRunner.dataPath + baseName + "1", "--sslMode", "requireSSL", "--sslPEMKeyFile", "jstests/libs/server.pem", "--sslCAFile", "jstests/libs/ca.pem", - "--sslWeakCertificateValidation"); + "--sslAllowConnectionsWithoutCertificates"); var mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", "--eval", ";"); @@ -20,7 +20,6 @@ var mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", // 0 is the exit code for success assert(mongo==0); - // Test that connecting with a valid client certificate connects successfully. mongo = runMongoProgram("mongo", "--port", ports[0], "--ssl", "--sslPEMKeyFile", "jstests/libs/client.pem", diff --git a/src/mongo/util/net/ssl_options.cpp b/src/mongo/util/net/ssl_options.cpp index d90e5540fcd..6e83c17e87d 100644 --- a/src/mongo/util/net/ssl_options.cpp +++ b/src/mongo/util/net/ssl_options.cpp @@ -71,6 +71,11 @@ namespace mongo { "sslWeakCertificateValidation", moe::Switch, "allow client to connect without " "presenting a certificate"); + // Alias for --sslWeakCertificateValidation. + options->addOptionChaining("net.ssl.allowConnectionsWithoutCertificates", + "sslAllowConnectionsWithoutCertificates", moe::Switch, + "allow client to connect without presenting a certificate"); + options->addOptionChaining("net.ssl.allowInvalidHostnames", "sslAllowInvalidHostnames", moe::Switch, "Allow server certificates to provide non-matching hostnames"); @@ -224,6 +229,10 @@ namespace mongo { sslGlobalParams.sslWeakCertificateValidation = params["net.ssl.weakCertificateValidation"].as<bool>(); } + else if (params.count("net.ssl.allowConnectionsWithoutCertificates")) { + sslGlobalParams.sslWeakCertificateValidation = + params["net.ssl.allowConnectionsWithoutCertificates"].as<bool>(); + } if (params.count("net.ssl.allowInvalidHostnames")) { sslGlobalParams.sslAllowInvalidHostnames = params["net.ssl.allowInvalidHostnames"].as<bool>(); |