diff options
| author | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2020-10-19 18:00:29 -0700 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-10-23 18:12:34 +0000 |
| commit | 6c32cb811fff0f13684e228e66be7cf5b44a5503 (patch) | |
| tree | 1a0c7cf74f3c897e776baa79543d9044d0741daa | |
| parent | bba7669d98169dd8ee2ef23c7ea0f8fa19fe8f69 (diff) | |
| download | mongo-6c32cb811fff0f13684e228e66be7cf5b44a5503.tar.gz | |
SERVER-50647 Fix OCSP HTTP Client timeout for Windows
| -rw-r--r-- | src/mongo/shell/shell_options.cpp | 1 | ||||
| -rw-r--r-- | src/mongo/util/net/ssl_manager_windows.cpp | 3 | ||||
| -rw-r--r-- | src/mongo/util/net/ssl_parameters.idl | 11 |
3 files changed, 15 insertions, 0 deletions
diff --git a/src/mongo/shell/shell_options.cpp b/src/mongo/shell/shell_options.cpp index 0b716b1f3f3..4408ce4dc0b 100644 --- a/src/mongo/shell/shell_options.cpp +++ b/src/mongo/shell/shell_options.cpp @@ -65,6 +65,7 @@ const std::set<std::string> kSetShellParameterWhitelist = { "disabledSecureAllocatorDomains", "newLineAfterPasswordPromptForTest", "skipShellCursorFinalize", + "tlsOCSPVerifyTimeoutSecs", }; std::string getMongoShellHelp(StringData name, const moe::OptionSection& options) { diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp index aac7044ed87..6d0e3f54b62 100644 --- a/src/mongo/util/net/ssl_manager_windows.cpp +++ b/src/mongo/util/net/ssl_manager_windows.cpp @@ -59,6 +59,7 @@ #include "mongo/util/net/socket_exception.h" #include "mongo/util/net/ssl.hpp" #include "mongo/util/net/ssl_options.h" +#include "mongo/util/net/ssl_parameters_gen.h" #include "mongo/util/net/ssl_types.h" #include "mongo/util/str.h" #include "mongo/util/text.h" @@ -1699,6 +1700,8 @@ Status validatePeerCertificate(const std::string& remoteHost, certChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = usage; } + certChainPara.dwUrlRetrievalTimeout = gTLSOCSPVerifyTimeoutSecs * 1000; + PCCERT_CHAIN_CONTEXT chainContext; BOOL ret = CertGetCertificateChain(certChainEngine, cert, diff --git a/src/mongo/util/net/ssl_parameters.idl b/src/mongo/util/net/ssl_parameters.idl index 8c46afc48a6..c16ed9fec85 100644 --- a/src/mongo/util/net/ssl_parameters.idl +++ b/src/mongo/util/net/ssl_parameters.idl @@ -59,6 +59,17 @@ server_parameters: set_at: startup cpp_varname: "sslGlobalParams.tlsWithholdClientCertificate" + tlsOCSPVerifyTimeoutSecs: + description: >- + How long the http client should wait before timing out + when fetching OCSP Responses for peer certificate + set_at: startup + cpp_vartype: int + default: 5 + cpp_varname: "gTLSOCSPVerifyTimeoutSecs" + validator: + gte: 1 + opensslCipherConfig: description: "Cipher configuration string for OpenSSL based TLS connections" set_at: startup |