author | ADAM David Alan Martin <adam.martin@10gen.com> | 2017-08-18 16:12:07 -0400 |
---|---|---|
committer | ADAM David Alan Martin <adam.martin@10gen.com> | 2017-08-18 16:12:07 -0400 |
commit | f87acd46f9445939e3c8e0531380a7870eff2b1f (patch) | |
tree | 4f50437cfa6b683eebd9535fcbe4fd3cbd1bb87d | |
parent | c5b7415b7d1a314dd7f4f1143bc5b354894183c0 (diff) | |
Revert "SERVER-23645 Unix socket certificate name mismatch is now a warning"
This reverts commit c5b7415b7d1a314dd7f4f1143bc5b354894183c0.
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp index 4b24e0b85b4..a7f6755a8c8 100644 --- a/src/mongo/util/net/ssl_manager.cpp +++ b/src/mongo/util/net/ssl_manager.cpp @@ -76,18 +76,6 @@ namespace mongo { namespace { -// Because the hostname having a slash is used by `mongo::SockAddr` to determine if a hostname is a -// Unix Domain Socket endpoint, this function uses the same logic. (See -// `mongo::SockAddr::Sockaddr(StringData, int, sa_family_t)`). A user explicitly specifying a Unix -// Domain Socket in the present working directory, through a code path which supplies `sa_family_t` -// as `AF_UNIX` will cause this code to lie. This will, in turn, cause the -// `SSLManager::parseAndValidatePeerCertificate` code to believe a socket is a host, which will then -// cause a connection failure if and only if that domain socket also has a certificate for SSL and -// the connection is an SSL connection. -bool isUnixDomainSocket(const std::string& hostname) { - return end(hostname) != std::find(begin(hostname), end(hostname) '/'); -} - const transport::Session::Decoration<SSLPeerInfo> peerInfoForSession = transport::Session::declareDecoration<SSLPeerInfo>(); @@ -1398,7 +1386,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManager::parseAndValidatePeerCertifi msgBuilder << "The server certificate does not match the host name. Hostname: " << remoteHost << " does not match " << certificateNames.str(); std::string msg = msgBuilder.str(); - if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)) { + if (_allowInvalidCertificates || _allowInvalidHostnames) { warning() << msg; } else { error() << msg; |
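Review bot: The restored condition `if (_allowInvalidCertificates || _allowInvalidHostnames) {` in `SSLManager::parseAndValidatePeerCertificate` has no comment stating that these two operator opt-outs are the only cases where a certificate/hostname mismatch is logged with `warning()` instead of `error()`. Nothing in the code records that the Unix domain socket case from SERVER-23645 is open again after this revert. I would add above the `if`: `// A name mismatch is only a warning when the operator disabled certificate or hostname validation; Unix domain socket peers get no exemption (see SERVER-23645).` If the exemption is re-landed, note that the removed helper as shown here reads `std::find(begin(hostname), end(hostname) '/')`, with no comma before `'/'`. The else branch continues past the end of the hunk, so what follows `error() << msg;` is not visible here.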