author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2014-04-17 17:58:05 -0400 |
---|---|---|
committer | Dan Pasette <dan@mongodb.com> | 2014-05-24 20:04:08 -0400 |
commit | 28f06d9343c06e7f2ac46e98bf264f5f9aab8b7f (patch) | |
tree | 6d379fae29eee0aaeb899b3a7aa0644e35e1e6a9 | |
parent | 213700b3af4d53ce7e808dce2c638d98fc4f91db (diff) | |
download | mongo-28f06d9343c06e7f2ac46e98bf264f5f9aab8b7f.tar.gz |
SERVER-13612 Send list of allowed SSL CAs to clients
(cherry picked from commit 1be16d8968c6bf39f01c4b3e98f854571a337823)
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index cf904dcceb1..2fc34c164cc 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -634,6 +634,15 @@ namespace mongo {
     }
 
     bool SSLManager::_setupCA(SSL_CTX* context, const std::string& caFile) {
+        // Set the list of CAs sent to clients
+        STACK_OF (X509_NAME) * certNames = SSL_load_client_CA_file(caFile.c_str());
+        if (certNames == NULL) {
+            error() << "cannot read certificate authority file: " << caFile << " " <<
+                getSSLErrorMessage(ERR_get_error()) << endl;
+            return false;
+        }
+        SSL_CTX_set_client_CA_list(context, certNames);
+
         // Load trusted CA
         if (SSL_CTX_load_verify_locations(context, caFile.c_str(), NULL) != 1) {
             error() << "cannot read certificate authority file: " << caFile << " " << |
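Review bot: The new failure branch after `SSL_load_client_CA_file` logs the same text as the existing `SSL_CTX_load_verify_locations` failure below it, so an operator reading the log cannot tell which of the two reads of `caFile` failed; a distinct message such as `error() << "cannot read client CA list from file: " << caFile << " " <<` would separate them. The added comment should also make the security scope explicit, since the advertised list does not affect verification: `// Advertise the CA subject names in the CertificateRequest; which CAs are actually trusted is still configured by SSL_CTX_load_verify_locations below.` It is worth stating in that comment that `SSL_CTX_set_client_CA_list` takes ownership of `certNames`, which is presumably why the stack is never freed here. As a style point, `STACK_OF (X509_NAME) * certNames` would read more conventionally as `STACK_OF(X509_NAME)* certNames`. The body of `_setupCA` continues past the end of the hunk.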