diff options
| author | Varun Ravichandran <varun.ravichandran@mongodb.com> | 2023-05-05 18:40:51 +0000 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-05-11 18:04:41 +0000 |
| commit | 5d0653dce309f18986c754d81d6ab2997ef95735 (patch) | |
| tree | e4ec4088efa6b41bb271f93663327599900294f5 | |
| parent | f9a29465fca8df7a0db888389a3c3038a4d3fc6d (diff) | |
| download | mongo-5d0653dce309f18986c754d81d6ab2997ef95735.tar.gz | |
SERVER-70188: Remove featureFlagConfigurableX509ClusterAuthn
| -rw-r--r-- | src/mongo/db/server_feature_flags.idl | 8 | ||||
| -rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 8 |
2 files changed, 2 insertions, 14 deletions
diff --git a/src/mongo/db/server_feature_flags.idl b/src/mongo/db/server_feature_flags.idl index f7b0b8f7bb3..d632cae980c 100644 --- a/src/mongo/db/server_feature_flags.idl +++ b/src/mongo/db/server_feature_flags.idl @@ -82,11 +82,3 @@ feature_flags: cpp_varname: feature_flags::gFeatureFlagUseUnreplicatedTruncatesForDeletions default: false shouldBeFCVGated: false - featureFlagConfigurableX509ClusterAuthn: - description: >- - Enable configurable parameters for detection of peer server nodes using X.509 - intracluster authentication. - cpp_varname: gFeatureFlagConfigurableX509ClusterAuthn - default: true - version: 7.0 - shouldBeFCVGated: true diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp index b87aa94599c..9e7cd2083d1 100644 --- a/src/mongo/util/net/ssl_manager.cpp +++ b/src/mongo/util/net/ssl_manager.cpp @@ -811,9 +811,7 @@ bool SSLConfiguration::isClusterMember( // If either net.tls.clusterAuthX509.attributes or net.tls.clusterAuthX509.extensionValue have // been specified, use them to determine cluster membership. Otherwise, check whether DC, O, // and/or OU from the server member certificate's subject DN match the client subject DN. - if (_clusterAuthX509Config._configCriteria && - gFeatureFlagConfigurableX509ClusterAuthn.isEnabled( - serverGlobalParams.featureCompatibility)) { + if (_clusterAuthX509Config._configCriteria) { bool matchesClusterAuthX509Config = stdx::visit(visitor, _clusterAuthX509Config._configCriteria.value()); if (matchesClusterAuthX509Config) { @@ -830,9 +828,7 @@ bool SSLConfiguration::isClusterMember( // If the certificate did not meet either of the above criteria, then it can still be a cluster // member if tlsClusterX509AuthOverride is specified and it meets the attribute or extension // policy specified. - if (_clusterAuthX509Config._overrideCriteria && - gFeatureFlagConfigurableX509ClusterAuthn.isEnabled( - serverGlobalParams.featureCompatibility)) { + if (_clusterAuthX509Config._overrideCriteria) { return stdx::visit(visitor, _clusterAuthX509Config._overrideCriteria.value()); } |