author | Sara Golemon <sara.golemon@mongodb.com> | 2018-07-13 13:47:36 +0000 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-07-13 17:02:10 +0000 |
commit | 6419a6d5e228e68d3d3f4ffec4e6f90b6413281f (patch) | |
tree | 1f01a570f66d3de6a0db790a2cd5b5f19c9941ab | |
parent | 70973a0aaabaad1550376aa8913fd7fa46e7af72 (diff) | |
download | mongo-6419a6d5e228e68d3d3f4ffec4e6f90b6413281f.tar.gz |
SERVER-36110 Fix --tlsOnNormalPorts canonicalization
-rw-r--r-- | jstests/ssl/config-canonicalize-normal-ports.js | 13 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_server.cpp | 8 |
2 files changed, 19 insertions, 2 deletions
diff --git a/jstests/ssl/config-canonicalize-normal-ports.js b/jstests/ssl/config-canonicalize-normal-ports.js
new file mode 100644
index 00000000000..b83f8b2efa4
--- /dev/null
+++ b/jstests/ssl/config-canonicalize-normal-ports.js
@@ -0,0 +1,13 @@
+// Make sure the psuedo-option --tlsOnNormalPorts is correctly canonicalized.
+
+(function() {
+ 'use strict';
+
+ const mongod = MongoRunner.runMongod({
+ tlsOnNormalPorts: '',
+ tlsPEMKeyFile: 'jstests/libs/server.pem',
+ });
+ assert(mongod);
+ assert.commandWorked(mongod.getDB('admin').runCommand({isMaster: 1}));
+ MongoRunner.stopMongod(mongod);
+})();
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp
index 930eccaf2c4..670f824ff19 100644
--- a/src/mongo/util/net/ssl_options_server.cpp
+++ b/src/mongo/util/net/ssl_options_server.cpp
@@ -408,14 +408,18 @@ MONGO_MODULE_STARTUP_OPTIONS_REGISTER(SSLServerOptions)(InitializerContext*) {
 return moe::startupOptions.addSection(options);
 }
 
+// Alias --tlsOnNormalPorts as --tlsMode=requireTLS
 Status canonicalizeSSLServerOptions(moe::Environment* params) {
 if (params->count("net.tls.tlsOnNormalPorts") &&
 (*params)["net.tls.tlsOnNormalPorts"].as<bool>() == true) {
- Status ret = params->set("net.tls.mode", moe::Value(std::string("requireTLS")));
+ // Must remove the old setting before adding the new one
+ // since as soon as we add it, the incompatibleWith validation will run.
+ auto ret = params->remove("net.tls.tlsOnNormalPorts");
 if (!ret.isOK()) {
 return ret;
 }
- ret = params->remove("net.tls.tlsOnNormalPorts");
+
+ ret = params->set("net.tls.mode", moe::Value(std::string("requireTLS")));
 if (!ret.isOK()) {
 return ret;
 }
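Review bot: The new test never checks that the alias actually produced requireTLS; `assert(mongod)` and the `isMaster` call only show that the server started and answers a command. A regression that dropped `--tlsOnNormalPorts` without enabling TLS would still pass. Consider asserting the effective setting after startup, for example `const opts = assert.commandWorked(mongod.getDB('admin').runCommand({getCmdLineOpts: 1}));` followed by `assert.eq(opts.parsed.net.tls.mode, 'requireTLS');` (the exact path under `parsed` should be confirmed against the server's output). The header comment also misspells "pseudo-option".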
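Review bot: A conflicting explicit `net.tls.mode` may now be overwritten silently in canonicalizeSSLServerOptions, because the alias is removed before `set()` runs and the incompatibleWith check mentioned in the new comment can no longer see `net.tls.tlsOnNormalPorts`. Whether that combination is already rejected at parse time is not visible in this hunk; if it is not, checking `params->count("net.tls.mode")` before the `remove()` and returning an error Status would keep the misconfiguration visible to the operator. A smaller style point: `auto ret` hides that the value is a Status, and `Status ret = params->remove("net.tls.tlsOnNormalPorts");` reads more clearly next to the function's return type. The function body continues past the end of the hunk.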