authorShreyas Kalyan <shreyas.kalyan@10gen.com>2020-02-19 10:01:17 -0500
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-02-27 20:05:46 +0000
commitad92095a43b0ae9b983d43c460b2fb45f9b0aad7 (patch)
treee0a034a6307dcb3b7336ce9881080f9c9834db5e
parentac7c4b8079b8927bab3fbabf179a5be125c9c4bf (diff)
downloadmongo-ad92095a43b0ae9b983d43c460b2fb45f9b0aad7.tar.gz
SERVER-43795 Implement and test OCSP Client Validation for OSX
-rw-r--r--src/mongo/util/net/ssl_manager_apple.cpp13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index c201ec51188..ce6c0217506 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1510,6 +1510,19 @@ Future<SSLPeerInfo> SSLManagerApple::parseAndValidatePeerCertificate(
ipv6 = true;
}
+ if (sslOCSPEnabled && !remoteHost.empty()) {
+ CFArrayRef policies = nullptr;
+ ::SecTrustCopyPolicies(cftrust.get(), &policies);
+ CFUniquePtr<::CFArrayRef> cfpolicies(policies);
+
+ CFUniquePtr<::CFMutableArrayRef> policiesMutable(
+ ::CFArrayCreateMutableCopy(NULL, 0, policies));
+ CFUniquePtr<::SecPolicyRef> cfRevPolicy(
+ ::SecPolicyCreateRevocation(kSecRevocationOCSPMethod));
+ ::CFArrayAppendValue(policiesMutable.get(), cfRevPolicy.get());
+ ::SecTrustSetPolicies(cftrust.get(), policiesMutable.get());
+ }
+
auto result = ::kSecTrustResultInvalid;
uassertOSStatusOK(::SecTrustEvaluate(cftrust.get(), &result), ErrorCodes::SSLHandshakeFailed);
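Review bot: Both Security-framework calls in the new block discard their OSStatus: if `SecTrustCopyPolicies` fails, `policies` stays null and is handed straight to `CFArrayCreateMutableCopy`, and if `SecTrustSetPolicies` fails the revocation policy is silently dropped while the handshake still proceeds through `SecTrustEvaluate`. Wrap both the way the existing evaluate call does — `uassertOSStatusOK(::SecTrustCopyPolicies(cftrust.get(), &policies), ErrorCodes::SSLHandshakeFailed);` and `uassertOSStatusOK(::SecTrustSetPolicies(cftrust.get(), policiesMutable.get()), ErrorCodes::SSLHandshakeFailed);` — and treat a null `policies` or `policiesMutable` as the same failure rather than dereferencing it. Separately, `SecPolicyCreateRevocation(kSecRevocationOCSPMethod)` without `kSecRevocationRequirePositiveResponse` is, as far as Apple's documentation indicates, a soft-fail check in which an unreachable responder does not cause evaluation to fail; if that is the intended behaviour it deserves a comment on the `SecPolicyCreateRevocation` line such as `// Soft-fail: no positive OCSP response is required, so an unreachable responder does not fail the handshake.`, and if it is not, the flag should be added deliberately. The enclosing parseAndValidatePeerCertificate body begins and ends outside this hunk.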