diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2018-06-11 13:27:16 -0400 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-06-11 17:40:34 -0400 |
commit | a79b03763ec3bdcdd4858a5eeae4718984158df1 (patch) | |
tree | 8f0870e70f683b432013ab441196a1c21a022f56 | |
parent | fcc72deb9d4b69be573ca44be7f28a2beddb8b51 (diff) | |
download | mongo-a79b03763ec3bdcdd4858a5eeae4718984158df1.tar.gz |
SERVER-35528 Limit new SSL config options to YAML/CommandLine only
(cherry picked from commit 4ad27bacdc573cb77aae379f7a75742a1dfc2ae1)
-rw-r--r-- | src/mongo/util/net/ssl_options.cpp | 21 | ||||
-rw-r--r-- | src/mongo/util/options_parser/option_description.h | 1 |
2 files changed, 14 insertions, 8 deletions
diff --git a/src/mongo/util/net/ssl_options.cpp b/src/mongo/util/net/ssl_options.cpp index f8a8457e073..72ee5b041c9 100644 --- a/src/mongo/util/net/ssl_options.cpp +++ b/src/mongo/util/net/ssl_options.cpp @@ -254,14 +254,16 @@ Status addSSLServerOptions(moe::OptionSection* options) { moe::String, "SSL Certificate in system store") .incompatibleWith("net.ssl.PEMKeyFile") - .incompatibleWith("net.ssl.PEMKeyPassword"); + .incompatibleWith("net.ssl.PEMKeyPassword") + .setSources(moe::SourceYAMLCLI); options ->addOptionChaining("net.ssl.clusterCertificateSelector", "sslClusterCertificateSelector", moe::String, "SSL Certificate in system store for internal SSL authentication") .incompatibleWith("net.ssl.clusterFile") - .incompatibleWith("net.ssl.clusterFilePassword"); + .incompatibleWith("net.ssl.clusterFilePassword") + .setSources(moe::SourceYAMLCLI); #endif return Status::OK(); @@ -317,14 +319,17 @@ Status addSSLClientOptions(moe::OptionSection* options) { moe::String, "SSL Certificate in system store") .incompatibleWith("ssl.PEMKeyFile") - .incompatibleWith("ssl.PEMKeyPassword"); + .incompatibleWith("ssl.PEMKeyPassword") + .setSources(moe::SourceYAMLCLI); #endif - options->addOptionChaining( - "ssl.disabledProtocols", - "sslDisabledProtocols", - moe::String, - "Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2]"); + options + ->addOptionChaining( + "ssl.disabledProtocols", + "sslDisabledProtocols", + moe::String, + "Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2]") + .setSources(moe::SourceYAMLCLI); return Status::OK(); } diff --git a/src/mongo/util/options_parser/option_description.h b/src/mongo/util/options_parser/option_description.h index de4aba5c705..5d6bce0a048 100644 --- a/src/mongo/util/options_parser/option_description.h +++ b/src/mongo/util/options_parser/option_description.h @@ -64,6 +64,7 @@ enum OptionSources { SourceYAMLConfig = 4, SourceAllConfig = SourceINIConfig | SourceYAMLConfig, SourceAllLegacy = SourceINIConfig | SourceCommandLine, + SourceYAMLCLI = SourceYAMLConfig | SourceCommandLine, SourceAll = SourceCommandLine | SourceINIConfig | SourceYAMLConfig }; |